OBAMA SPEECH ‘STEALS’ THE SHOW

November 7th, 2008


Watch out before clicking on that Adobe Flash Player update through spam email, warns Trend Micro

Same group involved that sent the fake bank certificate spam

New Delhi, November 7, 2008: While the race to the US presidency has ended with Barack Obama winning by a landslide, the race for new Web threats related to his victory has now begun. Trend Micro Research Manager Ivan Macalintal reported spam messages that started circulating to spread malware within hours after Obama delivered his acceptance speech.

Says Amit Nath, Country Manager – India & SAARC, Trend Micro, “The spam, which has so far affected computers in China, US and Japan, may come with a subject line like ‘Election Night Results’ or ‘Priorities for the New President’ or ‘Fear of a Black President’. The modus operandi of infecting is quite stealthy, which may lead to several gullible users getting infected – the email invites readers to click on a link to watch Obama’s speech – this link leads them to a make-believe website, ‘America.gov’. The video pane reads, ‘Loading Player’, and prompts them to download Adobe Flash Player. To further make it look genuine, the site also provides the estimated time for downloading as 4-6 seconds! This tricks users into clicking the link that serves the malicious file adobe_flash9.exe.”

Trend Micro detects the downloaded Trojan file, which is 3,261 bytes in size, as TROJ_DLOADER.ISZ. Trend Micro researcher Macalintal further points out that this spam run is from the same group that sends fake bank certificate spam (targeting Wachovia, Bank of America, Merrill Lynch, and a German bank’s account holders). The properties of this attack still suggest that the cybercriminals are using a fast-flux network of compromised computers. This spam run is still underway as of this writing, using different subjects and fast-changing domains.

Warns Mr. Nath, “Trend Micro analysis reveals that TROJ_DLOADER.ISZ downloads an infostealer, TSPY_PAPRAS.AM, which in turn drops a rootkit component which hides its routines. This infostealer dives into network packets to scour for passwords using Carnivore by searching strings like ftp, icq, imap, and pop3. It sends stolen information to a server in Ukraine. The Trojan is known to infect Windows 98, ME, NT, 2000, XP and Server 2003.”

The malicious URL where this Trojan is downloaded is already blocked by the Trend Micro Smart Protection Network.

About Trend Micro:
Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Visit TrendWatch at www.trendmicro.com/go/trendwatch to learn more about the threats. Trend Micro’s flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe. A transnational company, with headquarters in Tokyo, Trend Micro’s trusted security solutions are sold through its business partners worldwide. Please visit www.trendmicro.com.

Media Contact:

R&PM:Edelman
Puneet Khunger/Priyangshu Dutta
9717022726 / 9717537878
puneet.khunger {at} edelman(.)com / priyangshu.dutta {at} edelman(.)com

Puneet Khunger
R&PM:Edelman
Lotus Plaza, Third Floor
732/1 (Near Motorola Building)
Mehrauli-Gurgaon Road
Sector 14
Gurgaon – 122 001
Ph: +91 124 4292471-74 (Extn.15)




