Usual fare for holiday season

Storm ecards and social site spyware mark unsurprising year end.

With large portions of the globe celebrating various festivals over the past few weeks, an expected upsurge in malware attacks has been seen, including the now inevitable wave of emails from the 'Storm' worm attack (which targeted most important festivals in the past year), supplemented by another outbreak of spyware on a popular social networking site.

The latest Storm wave hit first on Christmas Eve, with a somewhat belated wave of greetings cards targeting unwary celebrators. The wave quickly moved on to the new year, with subjects and URLs reflecting the seasonal message, most being some variant of 'Happy 2008', while the content promised anything but - trojans dropped via exploits adding new systems to the botnets behind the spam campaign.

Facebook, the social networking success story of 2007, saw a large number of users hit buy a nasty application posing as messages from a secret admirer, which in fact led to the installation of notorious spyware product Zango.

The app requires users to provide contact information for a group of their own 'friends' before installing to a Facebook page, and also dropping the Zango software onto the system. It then goes on to push itself on these users, leading Fortinet researchers to label it a 'social worm' in their blog entry on the outbreak, here. More comment from McAfee is here. Another Facebook threat, a phishing attempt uncovered by researchers at F-Secure, is described here.

'Both these attacks reflect the popularity of social engineering with malware authors,' said John Hawes, Technical Consultant at Virus Bulletin. 'They rely on users getting excited at the thought of social contacts, even from strangers, and ignoring usual safety precautions. Users are always going to be the weakest link in security, perhaps as these attacks become ever more commonplace people will start using their heads a little more when they are online.'

More info on the latest wave of Storm is at F-Secure here, at ESET here or at ScanSafe here.

08 January 2008

Tags: malware, social engineering, social networking, spyware, storm, trojan.

del.icio.us

digg this

News


	February issue of VB published The February issue of Virus Bulletin is now available for subscribers to download. 1 February 2012 Hacktivists hijack DNS of popular websites Security at registrars may be weak link. 26 January 2012 New RFC describes best practices for running DNS-based lists DNSBL users advised to avoid those lists that charge for delisting. 24 January 2012 Vulnerability turns McAfee's anti-malware solution into open relay Flaw allows for spam to be sent through customers' PCs. 19 January 2012 AV-Test releases latest results Business and consumer products achieve high pass rate. 18 January 2012 Subscribe \| View All virusbtn: Youve probably heard about crooks adding their own card reader to ATMs. In Brazil, they infect those ATMs with malware http://t.co/xALuOuEe 14 hours ago virusbtn: Dutch ISP KPN was hacked in January, exposing millions of customers personal details. There are lessons to be learned http://t.co/CSHJA6hy 14 hours ago Follow us

News Archive


	2011 2010 2009 2008 2008 2007 2006 2005 2004 2003 2002 Subscribe \| View All

News


	See also Calendar of Events Polls

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

VB2012


	VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,229 registered users.

Fighting malware and spam

Usual fare for holiday season