Holiday themed based Malware courtesy of Fast-flux

by Steve Ragan - Dec 22 2008, 17:54

With little more than three days before Christmas, criminals are boosting efforts to spread a different kind of Holiday cheer. Picking up where the Storm botnet left off, the new wave of Email-based Social Engineering uses the pending Holiday theme to trick users into reading “Greeting Cards” or other Christmas themed materials.

ESET spots a new wave of Holiday based Malware. (IMG:J.Anderson)

However, the Social Engineering aspect and the Holiday-based nature are the only direct connections this new wave of Email has to the now infamous Storm botnet.“Yesterday, we started to receive reports of emails pretending to carry links to holiday cards. These emails contain a link that points to a file named ecard.exe. Of course, this executable is not a seasonal holiday card but Malware. The reason this wave of Malware has attracted our attention is that it is very similar to [Storm attacks] we were seeing last year,” said Pierre-Marc Bureau, ESET researcher.The idea of attaching an EXE to an email or linking to malicious files is nothing new. Yet, the problem is that people still fall for this despite the warnings in the media and other places online.“Although this attack uses fast-flux to make it harder to trace its web servers and a redirection page very similar to those used by Storm last year, this is not the resurrection of the Storm botnet,” added Bureau.ESET has listed the new Malware as a variant of Win32/Waledac Worm after taking a look at the malicious links and the files downloaded.This inspection proved that they are completely different from the Storm based files used in attacks this time last year. The new variant of the Malware has no peer-to-peer abilities and uses an Open Source packer instead of the customized packer that was seen used by Storm. In addition, the EXE files inspected by ESET contained cryptographic capabilities that were not present in Storm.“What we are observing today is proof that Malware authors are learning from each other’s errors and successes. After seeing that Storm was able to infect thousands of systems last year with Christmas-related social engineering, the criminals behind other Malware families are now trying to emulate that success.”The best way to avoid infection is simply not to follow links or open attachments that appear in email from sources unknown. The subject lines and From fields in the emails will be a dead giveaway, as most of them fail to correctly mimic the legit eCard services.

Comment on this Story

Interested in a more interactive TTH? Join our Facebook Group
Want regular updates from The Tech Herald? Follow us on Twitter

Comment on this Story

Note our older Talkback system is still running below. We hope to import existing comments into the new system shortly. Guest posting is still allowed, however, you can now login with any number of social network accounts.

Talkback

Add your comment (no registration required)

page: 1

ecard safety practicesDec 23rd, 2008 - 03:51:12

There are a few precaution that one needs to be aware of when one receives ecards.

* Make sure you recognize the sender's name. The sender's FULL name should ALWAYS be included in the subject line (and sometimes in the 'from' field) of the email.

* The web site should be easily identified in one or more of the following places: the 'from' field, the subject line, or in the email itself.

* Do NOT click any links with simple IP address. In a fake ecard email, the IP address may be hidden and can only be seen by hovering your cursor over the link or right clicking on the link to view properties. The link should not be a series of number (e.g. 169.180.1.15, commonly referred to as an IP address).

* An ecard email should NOT have any attachment of any kind. The recipient will go to the web site to 'pick up' (i.e. view) the ecard.

* Legitimate ecard emails will always include an option to pick up the ecard by typing the web site address and enter a code.

* Use a webmail or email application that has good spam filter. My experience with Gmail has been very good. It filters out almost all spam mail.

Report this comment

page: 1

Add your comment (no registration required)

Security

Holiday themed based Malware courtesy of Fast-flux

Comment on this Story

Talkback

Latest

Latest Articles on Monsters&Critics

In The Tech Herald

Site

The Fine Print