CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 8th, 2008

Another Breaking News Social Engineering Spam Installs Malware And Fake Anti-Spyware Tools

Websense Security Labs ThreatSeeker Network has discovered a substantial number of spam messages utilizing a social engineering tactic that lures users to download malicious software.

Spammers quickly react to the latest major online news updates, capitalizing on these events to achieve better success rates with their social engineering tactics. The recent media coverage discussing Osama Bin Laden seem to have prompted spammers to quickly recycle an old spam campaign.

The messages include a link to a compromised site which contains an obfuscated JavaScript that tries to exploit a rather old vulnerability corresponding to Microsoft Data Access Component (MDAC). Regardless of whether the exploit succeeds or fails, the visitor is then redirected to a page showing a fake security warning encouraging users to download anti-spyware tools to repair their system. Spammers usually use this tactic to encourage users to install rogue applications. In this particular example, the malicious file installs itself as a service on the system.

The same malicious executable is used throughout different spam campaigns bearing following email subjects lines:

Jennifer Aniston Interesting mp3!!!
Clara Morgane Shocking photo!!!
Kylie Minogue Interesting video without cowards!!!
Demi Moore New sexy songs!!!
Avril Lavigne Shocking porno dvd!!!
Nicole Richie Kick-up cd!!!
Beyonce Shocking sexy songs!!!
Keira Knightley Gallery photo!!!
Britney Spears Interesting cd!!!

Share this item with others:

More on CyberInsecure:
  • Users Fear Of Illegal Content Targeted By Social Engineering Trojan
  • Fake Sex Scandal Spam Campaign Involving Barack Obama Spreads Malware
  • Massive Spam Campaign Spreads False CNN News Items With Fake Flash Player Malware
  • 30 Percent Of New Major Social Networks Accounts Are Fraudulent
  • Fraudsters Prey Upon Public Interest In Current Events to Launch Trojan Attacks On Fake CNN Site

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Another Breaking News Social Engineering Spam Installs Malware And Fake Anti-Spyware Tools

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.