Usual fare for holiday season

Posted by Virus Bulletin on Jan 8, 2008

Storm ecards and social site spyware mark unsurprising year end.

With large portions of the globe celebrating various festivals over the past few weeks, an expected upsurge in malware attacks has been seen, including the now inevitable wave of emails from the 'Storm' worm attack (which targeted most important festivals in the past year), supplemented by another outbreak of spyware on a popular social networking site.

The latest Storm wave hit first on Christmas Eve, with a somewhat belated wave of greetings cards targeting unwary celebrators. The wave quickly moved on to the new year, with subjects and URLs reflecting the seasonal message, most being some variant of 'Happy 2008', while the content promised anything but - trojans dropped via exploits adding new systems to the botnets behind the spam campaign.

Facebook, the social networking success story of 2007, saw a large number of users hit by a nasty application posing as messages from a secret admirer, which in fact led to the installation of notorious spyware product Zango.

The app requires users to provide contact information for a group of their own 'friends' before it installs to a Facebook page and drops the Zango software onto the system. It then goes on to push itself on these users, leading Fortinet researchers to label it a 'social worm' in their blog entry on the outbreak, here. More comment from McAfee is here. Another Facebook threat, a phishing attempt uncovered by researchers at F-Secure, is described here.

'Both these attacks reflect the popularity of social engineering with malware authors,' said John Hawes, Technical Consultant at Virus Bulletin. 'They rely on users getting excited at the thought of social contacts, even from strangers, and ignoring usual safety precautions. Users are always going to be the weakest link in security, perhaps as these attacks become ever more commonplace people will start using their heads a little more when they are online.'

More info on the latest wave of Storm is at F-Secure here, at ESET here or at ScanSafe here.
