Malware gets nostalgic

Johannesburg, 17 Oct 2008

In the last few months there has been a rise in the proportion of e-mails containing malicious attachments. This is something of a throwback to the old days, when worms and Trojan horses were regularly being spread via e-mail rather than being found on compromised Web sites, says Brett Myroff, CEO of regional Sophos distributor, Sophos SA.

“One psychological trick up hackers' sleeves that does not seem to have gone out of favour is to disguise the malware as an eCard, or electronic greeting card,” he says.

Currently being seen are spammed-out malicious messages with the subject line “You have received an eCard”, which pretend to come from the legitimate online greeting company 123Greetings.com.

Greetings and salutations

Attached to the e-mails is an archived file, e-card.zip, which contains a malicious Trojan horse that downloads further malware from the Internet - including scareware designed to fool unsuspecting users into purchasing a bogus security product.

Sophos detects the Trojan horse as Troj/DwnLdr-HIW, and the e-mails as spam. “Customers have been automatically updated to defend against it, but users of other vendors' products may want to ensure they are also defended,” Myroff says.
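The lure described above combines three observable features: the fixed subject line, a sender that names 123Greetings.com without actually coming from that domain, and a zip attachment named e-card.zip carrying the downloader. The script below is an added example of how a mail-gateway filter could flag that combination; it is not Sophos's detection logic or code from the article. The sample message is constructed, and its zip holds a harmless placeholder file with an executable name, because the assumption here is that the Trojan inside the archive is a Windows executable (the article only says the archive contains a Trojan horse).

```python
"""Flag e-mails that match the 123Greetings eCard lure (added example).

Not Sophos's detection logic. The sample message is constructed; the zip
inside it contains a placeholder, not a real binary, and the idea that
the archived Trojan is an executable file is an assumption.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

LURE_SUBJECT = "you have received an ecard"
CLAIMED_BRAND = "123greetings.com"
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def build_sample_ecard_mail() -> bytes:
    """Construct a sample lure message (not a real capture)."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w") as zf:
        zf.writestr("e-card.exe", b"placeholder, not a real binary")
    msg = EmailMessage()
    msg["Subject"] = "You have received an eCard"
    # Display name borrows the brand; the address is on an unrelated domain.
    msg["From"] = "123Greetings.com <ecard@example.invalid>"
    msg["To"] = "user@example.org"
    msg.set_content("A friend has sent you an eCard. Open the attachment to view it.")
    msg.add_attachment(payload.getvalue(), maintype="application",
                       subtype="zip", filename="e-card.zip")
    return msg.as_bytes()


def archive_executables(data: bytes) -> list[str]:
    """Return member names inside a zip that carry an executable suffix."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_SUFFIXES)]
    except zipfile.BadZipFile:
        return []


def ecard_lure_indicators(raw: bytes) -> list[str]:
    """Return the lure indicators present in a raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    found = []

    subject = str(msg["Subject"] or "").lower()
    if LURE_SUBJECT in subject:
        found.append("lure-subject")

    # The brand appears in the From header but the address is not on the
    # brand's domain: a classic spoofed-sender tell.
    name, addr = parseaddr(str(msg["From"] or ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    if CLAIMED_BRAND in (name + " " + addr).lower() and domain != CLAIMED_BRAND:
        found.append("spoofed-brand-sender")

    # Zip attachments get opened in memory and checked for executable members.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(".zip"):
            found.append("zip-attachment:" + filename)
            for member in archive_executables(part.get_payload(decode=True)):
                found.append("executable-in-zip:" + member)
    return found


if __name__ == "__main__":
    for indicator in ecard_lure_indicators(build_sample_ecard_mail()):
        print(indicator)
```

Any one indicator on its own is weak (plenty of legitimate mail carries zip files, and greeting-card subjects are common), so a gateway rule would normally quarantine only when the subject, the spoofed brand sender and the executable-in-archive finding coincide, and log the individual indicators for analysts.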

Also making the headlines is the Federal Trade Commission (FTC) convincing a court to shut down a major international spam operation, believed to have marketed bogus drugs to enhance male sexual performance, fake luxury watches and weight loss solutions.

Australia-based Lance Thomas Atkinson, a citizen of New Zealand, and US-based Jody Michael Smith, are defendants in a case brought by the FTC; it claims to have received over three million complaints from people affected by the spam operation. Four companies owned by Atkinson and Smith (Inet Ventures, Tango Pay, Click Fision, and Twobucks Trading) are also named in court documents.

A sorry sight

Many people who own an e-mail address will be all too familiar with the sight of an e-mail in their inbox offering them a '100% safe and natural herbal' male enhancement pill - but according to the FTC, these drugs may not work as claimed, and may be dangerous for some people. “According to court documents, Atkinson and Smith run 'Affking', one of the world's largest spam networks, and recruited spammers online to work for them,” Myroff adds.

In a breach of Can-Spam legislation, the bulk e-mails are said to have not included an opt-out mechanism for consumers, and contained spoofed sender information to disguise their true origin.

“Anyone hoping, however, that they might find less spam in their e-mail program is probably going to be in for a disappointment. It's unlikely that action like this is going to result in a dramatic drop in the amount of spam you encounter - but the more effort that is taken to crack down on criminal spammers, the better for all of us.”

This week's line-up of low to medium prevalence threats includes Troj/FakeVir-GL, which affects Windows users and installs itself in the registry.

Worms affecting Windows include W32/AutoIt-AA and W32/AutoRun-MA. Threats displaying malicious behaviour include Mal/Dorf-R, Mal/Dorf-S and Mal/RKFarfli-B, which is a malicious program with rootkit functionality.
