Usual fare for holiday season

Posted by   Virus Bulletin on   Jan 8, 2008

Storm ecards and social site spyware mark unsurprising year end.

With large portions of the globe celebrating various festivals over the past few weeks, an expected upsurge in malware attacks has been seen, including the now inevitable wave of emails from the 'Storm' worm attack (which targeted most important festivals in the past year), supplemented by another outbreak of spyware on a popular social networking site.

The latest Storm wave hit first on Christmas Eve, with a somewhat belated wave of greetings cards targeting unwary celebrators. The wave quickly moved on to the new year, with subjects and URLs reflecting the seasonal message, most being some variant of 'Happy 2008', while the content promised anything but - trojans dropped via exploits adding new systems to the botnets behind the spam campaign.

Facebook, the social networking success story of 2007, saw a large number of users hit buy a nasty application posing as messages from a secret admirer, which in fact led to the installation of notorious spyware product Zango.

The app requires users to provide contact information for a group of their own 'friends' before installing to a Facebook page, and also dropping the Zango software onto the system. It then goes on to push itself on these users, leading Fortinet researchers to label it a 'social worm' in their blog entry on the outbreak, here. More comment from McAfee is here. Another Facebook threat, a phishing attempt uncovered by researchers at F-Secure, is described here.

'Both these attacks reflect the popularity of social engineering with malware authors,' said John Hawes, Technical Consultant at Virus Bulletin. 'They rely on users getting excited at the thought of social contacts, even from strangers, and ignoring usual safety precautions. Users are always going to be the weakest link in security, perhaps as these attacks become ever more commonplace people will start using their heads a little more when they are online.'

More info on the latest wave of Storm is at F-Secure here, at ESET here or at ScanSafe here.

Posted on 08 January 2008 by Virus Bulletin



Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.