Usual fare for holiday season

Posted by   Virus Bulletin on   Jan 8, 2008

Storm ecards and social site spyware mark unsurprising year end.

With large portions of the globe celebrating various festivals over the past few weeks, an expected upsurge in malware attacks has been seen, including the now inevitable wave of emails from the 'Storm' worm attack (which targeted most important festivals in the past year), supplemented by another outbreak of spyware on a popular social networking site.

The latest Storm wave hit first on Christmas Eve, with a somewhat belated wave of greetings cards targeting unwary celebrators. The wave quickly moved on to the new year, with subjects and URLs reflecting the seasonal message, most being some variant of 'Happy 2008', while the content promised anything but - trojans dropped via exploits adding new systems to the botnets behind the spam campaign.

Facebook, the social networking success story of 2007, saw a large number of users hit buy a nasty application posing as messages from a secret admirer, which in fact led to the installation of notorious spyware product Zango.

The app requires users to provide contact information for a group of their own 'friends' before installing to a Facebook page, and also dropping the Zango software onto the system. It then goes on to push itself on these users, leading Fortinet researchers to label it a 'social worm' in their blog entry on the outbreak, here. More comment from McAfee is here. Another Facebook threat, a phishing attempt uncovered by researchers at F-Secure, is described here.

'Both these attacks reflect the popularity of social engineering with malware authors,' said John Hawes, Technical Consultant at Virus Bulletin. 'They rely on users getting excited at the thought of social contacts, even from strangers, and ignoring usual safety precautions. Users are always going to be the weakest link in security, perhaps as these attacks become ever more commonplace people will start using their heads a little more when they are online.'

More info on the latest wave of Storm is at F-Secure here, at ESET here or at ScanSafe here.

Posted on 08 January 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.