The trend for malicious e-mail masquerading as legit news is still growing. Over the past few weeks millions of messages have landed in the e-mail boxes of users across the globe, offering up Malware instead of news supporting their catchy headlines.
Storm turns out news in latest wave of attack. (IMG:J.Anderson)
The e-mail subjects vary, with some being straight to the point like "CNN.com Daily Top 10" or "BREAKING news" (MSNBC is also used as a replacement for CNN). Other subjects are more comical and, at the least, more attention grabbing, such as "Cannibalism!........In The Usa" or "Mccain Vows To Replace Secret Service With His Own Bare Fists".
"Sadly, the latest salvo of spam hitting our inboxes is likely to trick unsuspecting email users with its topical headlines and the seemingly trusted source," said Graham Cluley, senior technology consultant for Sophos. "But by now everyone should be well aware of this kind of dirty trick and should never click on links in unsolicited emails."
In the lab here at The Tech Herald, we have seen close to 6,000 variants of these e-mails, each with the same origin, the notorious Storm Worm, launched officially in 2007.
The goal with these e-mails is the same, tricking the users reading the e-mail into following a link that will install Malware in the guise of a video player codec. Some of the Malware installed takes the shape of Antivirus XP 2008, a fake AV program that leads to other methods of attack and will attach the infected computer to the massive botnet that is spreading the e-mails.
"The hackers can obviously change that code (and its aim) at any time, but presently it downloads rogue anti-virus software that tries to scare users into buying a bogus product," explained Cluley. "If you do so, of course, you will be handing over your credit card details to people who have already proven they are prepared to break the law."
Michael Roberts of Vivtek has been following the fake news, as well as Storm in general, and posted his findings online.
If anything, the comprehensive list of e-mail subjects will amuse most, but for the professionals, the timeline and tracking will offer a wealth of information.
Click here to learn more.
There are currently no comments for this article. Be the first to comment! (no registration required)
Advertising
There are currently no comments for this article. Be the first to comment! (no registration required)