Increased use of spam spreads malware

IT Reseller Magazine

Article Search: Go To: Keyword

HOME Channel News Channel Talk Events Video Library

The Magazine Subscribe Editor 2010 Media Kit Digital Edition Advertise Feed Back Contact Us

Technologies Data Capture Bar Code RFID Biometrics ID Cards Mobile Computing Print & Label Retail Technology Document Mgmt. Networking Internet security Data Storage Power/UPS Audio/Visual Videos

Verticals POS/hospitality Logistics Field service Education Manufacturing Healthcare Office Automation Gov./Finance

Online Tools RSS Feeds Newsletters Advertise Digital Edition Contact Us Personal Dev. Video Library Jobs

Links Retail Technology Your Tech TV Logistics IT Logistics Handling Your Logistics TV Your Tech Advice

Internet Security
Internet control, email and network protection

Increased use of spam spreads malware
July 28, 2008

PandaLabs has detected an increase in the use of spam combined with social engineering to spread malware. Several examples have appeared over the last few days.

The most recent case detected involves emails warning of an alleged malware alert (with subjects such as: Worm alert! or spyware alert!), but whose real aim is to spread the Nurech.Z worm. To make the messages more credible, typically trusted sources such as Customer Support are used as the name of the sender.

Another recent case uses photographs of Britney Spears as bait. The email has subjects including “Britney spears naked pussy & paris Hilton” or “Hot pictures of Britiney Speers”. On opening the email, users will find several erotic photos of the singer. However, when they click on the photo they will actually be downloading the malicious code onto the computer. This worm exploits a vulnerability in Microsoft ANI files in order to spread. This code then downloads other examples of malware onto computers.

The third example is similar to the previous one, although it emerged a few days later. The only difference is the protagonist. In this case it uses photos of the pornstar Jenna Jameson as a lure to trick users into clicking on the link hidden in the pictures. The result is the same. The malicious code exploits vulnerabilities in ANI files to infect the computer and download more malware.

“Emails have also been received with subjects like “Hot pictures of paris hilton nude” or other similar titles. The aim is the same: to entice users into clicking on a link and falling into the trap. This is known as social engineering”, explains Luis Corrons, technical director of PandaLabs.

Another example has been used to spread the Grum.A worm. This malware spreads in emails offering a beta of Internet Explorer 7. As in the previous cases, the message contains a photograph, which in this case supposedly gave access to the beta version of IE 7.

“Why use spam to spread malware? On the one hand, junk mail reaches people on a massive scale and therefore improves the chances of success. On the other, in this way cyber-crooks get the users themselves to download the infected file, so avoiding malicious attachments being detected and eliminated by antivirus solutions.”, explains Luis Corrons.

All users that want to know whether their computers have been attacked by these or other malicious code can use TotalScan, the free online solution available from PandaLabs.

They can also use the NanoScan beta, an online scanner that detects active malware on computers in less than 1 minute.

Other Internet Security News

Security White Papers

Newly patented technology 'reaffirms AhnLab position as premier provider of online banking security'
AhnLab Inc., provider of integrated security solutions, has announced the issuance of Korea Intellectual Property Office (KIPO) Patent No. 10-2008-0007159: "Protection System and Method for Internet Websites."

Employee survey highlights dangers of insider threat
Whilst the media seems pre-occupied with the problems of cybercriminals and hackers causing problems for organisations from outside their network, a survey just published shows that 23 per cent of UK employees will take customer lists and other sensitive data when they leave their employer.

Trusteer uncovers Zeus botnet that plunders over 100,000 UK Internet user credentials
Trusteer, provider of secure browsing services, has uncovered a large Zeus version 2 botnet being used to conduct financial fraud in the UK which is operated and controlled from Eastern Europe.

Trusteer warns financial malware is attacking leading US banks using Visa and MasterCard
Trusteer has announced that the Zeus (Zbot) financial malware is targeting online banking customers of 15 leading US financial institutions by exploiting two trusted credit card security programs.

Barracuda spam & virus firewall offers broader outbound email content filtering capabilities
Barracuda Networks Inc., provider of security, storage and networking solutions, has announced new features to its flagship Barracuda Spam & Virus Firewall that enhance full inbound and outbound email scanning from the same appliance.

Over half of IT professionals are still leaving mobile security to chance
As threats to corporate data grow, and the cost of breaches increase, a survey of alleged security conscious professionals has remarkably revealed that over half of respondents (52%), who admit to carrying company data on a USB stick, do not encrypt it.

More >>

Understanding the value of outsourcing network security services
This white paper will examine the many new challenges that are facing today’s network owners, the pros and cons of using in-house resources and outsourcing for your network assessment and day-to-day monitoring, as well as guidelines to help select and maximize the value of outside resources.

GFI warns one anti-virus engine is not enough to protect your business
Although 99% of large British companies use anti-virus products, 43% were still infected by viruses (UK ISBS Survey 2006)

CONTENT FILTERING SOLUTIONS TECHNOLOGY REPORT APRIL 2006
Source: West Coast Labs/Netintelligence

The Trend of Threats Today: 2005 Annual Roundup and 2006 Forecast
Trend Micro
The report that follows is not only an account and analysis of 2005 threat
incidents. It also serves as a forecast of what the future holds in 2006 and
onwards. Through Trend Micro‘s extensive research and analysis of the 2005
incidents, this paper documents how threats evolved into the multi-purpose
threat regime – thus providing corporate and home users information on what
to do to ensure they remain protected against future threats. Download free white paper.

If you can't beat it, manage it
David Caughtry of Computerlinks looks at the challenges facing IT managers with the growing use of Instant Messaging in the workplace.

Are you becoming a one-stop security shop?
David Ellis, director of e-security at Unipalm discusses best practice security management and the evolution of protection technology.

More >>

Look out for worms in your spam!
Increased use of spam combined with social engineering to spread malware
Popular tennis websites struck in latest malware attack, Sophos warns
Tennis fans at risk as hackers infect websites during Wimbledon tournament
More malicious attacks on the threat horizon, warns ISF
The Information Security Forum is warning of an increase in malicious threats including attacks from organised crime and industrial espionage, along with a rise in mobile malware and Web 2.0 vulnerabilities
New Facebook profile design marred by security slip-up
Privacy breach exposed users' hidden dates of birth
Confick worm exploits Microsoft MS08-067 vulnerability
Back in October warnings were given about a critical security vulnerability found in some versions of Microsoft Windows

© Copyright 2006, IBC - Interactive Business Communications Help \| Contact Us \| Privacy \| RSS Feeds \| Site Map \| Advertise YourTechTV.com Only Technology Videos