Security experts have issued a warning about a new spam campaign using PDFs to spread malware. The email arrives with what looks like a note from a friend:
“Hey man… Remember all those long distance phone calls we made. Well I got my telephone bill and WOW. Please help me and look at the bill see which calls where yours ok…”
The “bill” is attached to the email as “PhoneCalls.pdf” and, if clicked on, takes advantage of a vulnerability in Adobe Reader in order to download the Sality virus. This virus, which appears to have originated in Russia, is extremely dangerous. It takes over the autorun feature, installs a peer-to-peer connection to a botnet, downloads additional malware, looks for and disables any anti-virus software it finds, looks for and infects any local, remote, and removable drives, alters the Windows registry to infect any .exe file set to load on startup, and, worst of all, damages every file it infects beyond repair. It is one of the nastiest viruses out there today. Its botnet contains over 100,000 computers.
Adobe says it has released an update that repairs the vulnerability, and if your IT department hasn’t installed it, they should do so ASAP. However, neither that update nor having the most recent version of the program is a guarantee against getting infected. Sality has been around since 2003 and has grown more and more complex and sophisticated, with no end in sight. It’s important to have an anti-virus solution that can block zero-day attacks and threats.





An add-on program that allegedly infected the computers of 4000 users of the Firefox Web browser was clean and malware free, according to the maker of the application.
Researchers say a 30% spike in phishing spam was detected following the announcement as spammers rushed to take advantage of the huge audience looking for info on the device. In addition to phishing spam hawking deals on MacBooks and iPhones, the researchers discovered widespread SEO poisoning designed to lure people searching for terms like “iPad price” or “iPad specs” to malicious sites serving malware, mostly fake anti-virus software.
A new report by security experts says that over 25 million new strains of malware were discovered in 2009, and that number is expected to rise in 2010. Trojans are the most popular type distributed, making up 66% of all malware, followed by adware at 17%. Adware includes scareware such as fake anti-virus, fake registry cleaners, and fake anti-spyware programs. Viruses, spyware, rootkits and worms make up the remainder.
Security experts have detected a new phishing campaign that uses fake Microsoft Outlook notifications to spread malware. Over a million of the spam messages have been intercepted by spam and phishing filters since Thursday.
A security researcher recently discovered a new malware attack that has poisoned nearly 300,000 websites. The SQL attacks began last month and use a hidden iframe to redirect visitors to a malicious site that is programmed to look for and exploit known vulnerabilities in several different apps, including Adobe Flash, ActiveX, IE, and several other Microsoft applications. If a vulnerability is found, a rootkit called Backdoor.Win32.Buzus.croo is installed. This malware steals banking information and likely downloads even more malware to the infected system. It’s believed to be related to the Rustock botnet.