Rustock Botnet Spreading Through Malicious Spams

Contributed by: Eglė
Date: 2008-07-27

Security vendor Marshal warns of the growth of Rustock, the world's second largest botnet. In a massive coordinated campaign, cyber criminals are sending spam email messages with fake headlines that look like real news about Microsoft, George Bush and Al Qaeda. The aim of these e-mails is to infect users' computers with malware and to expand the Rustock botnet.

Marshal's TRACE team warns that a variety of headlines are being used to lure users into clicking a malicious link. The messages carry bogus subject lines such as 'Bush Down to 8 Friends on Myspace'; 'Yahoo sold to Microsoft, record price'; 'Al Qaeda Reports Declining Revenues in Fiscal ‘08'; 'Obama Is Anorexic Over-Exerciser'; and 'Martian Soil Fantastic for Growing Weed Says NASA'.

According to Phil Hay, lead threat analyst for Marshal's TRACE Team, some of the headlines are hard to take seriously and some are believed to be attractive. A broad trend in the latest Rustock campaign is that spammers are hacking into legitimate Web sites in order to host their malware.

The message body contains further sensational headlines, usually on a topic unrelated to the subject line, and a URL link. These links generally end with '/viewmovie.html', '/stream.html' or '/r.html'. Marshal's records indicate that Rustock is estimated to contain over 150,000 infected personal computers and to send around 30 billion spam emails per day.

When a recipient clicks on one of these links, a Web page opens with a fake web video attempting to load and a popup window that prompts the user to install an executable file called 'codecinst.exe', which is actually malware. If this malicious file is downloaded and installed on the computer, it installs a fake Windows XP anti-virus program and the Rustock spambot itself. The spambot can be delivered automatically to users running unpatched Internet Explorer browsers through JavaScript components created to exploit vulnerabilities in Internet Explorer. Hay added that spammers are trying to cover up the installation of the executable under a serious pretext.
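As an added example (not part of the original article or of Marshal's tooling), a mail-triage check for the link endings reported above. The sample messages and their .example domains are constructed, and the function names are hypothetical.

```python
import email
import re
from email import policy
from urllib.parse import urlsplit

# Link endings reported for this campaign in the article.
SUSPECT_ENDINGS = ("/viewmovie.html", "/stream.html", "/r.html")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TRAILING = ".,;:!?)"  # sentence punctuation that clings to a pasted URL

# Constructed sample messages (not real campaign mail).
SAMPLE_SPAM = (
    "From: news@sender.example\n"
    "Subject: Yahoo sold to Microsoft, record price\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Watch the clip: http://compromised.example/images/r.html.\n"
)
SAMPLE_BENIGN = (
    "From: digest@news.example\n"
    "Subject: Weekly digest\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Read it at http://news.example/reader.html today.\n"
)


def extract_urls(msg):
    """Collect http(s) URLs from every text part (plain or HTML) of a message."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def suspect_links(raw_message):
    """Return URLs in a raw message whose path ends with a reported ending."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    for url in extract_urls(msg):
        url = url.rstrip(TRAILING)
        # Match on the path only, so a query string or fragment cannot hide
        # the ending and '/reader.html' is not mistaken for '/r.html'.
        if urlsplit(url).path.lower().endswith(SUSPECT_ENDINGS):
            hits.append(url)
    return hits
```

These endings are generic file names, so a hit is a reason to quarantine and inspect the message, not proof that it belongs to this campaign.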

 


User Comments

Mendy 2008-07-28
Oh what a nice pic. :)) And what sad news. I think I'll soon stop believing in anything I find in my inbox.