Posted November 7th, 2008 by Sue Walsh
Researchers at the University of California, San Diego and Berkeley successfully infiltrated the Storm Worm to measure the conversion rate of spam. They found that it took only a single response from 12 million spams sent for spammers to reap huge profits.
The infiltration was accomplished by impersonating a component of the network used to send instructions between the host server and the infected PCs (commonly known as bots or zombies) it controls. This allowed them to place their own URLs in some of the spam sent. These URLs redirected to fake storefronts appearing to offer a variety of pharmaceuticals. These fake stores were fully functional up until the point a customer tried to check out. Before they could enter any payment info, the site gave them an error message. The researchers never collected or even saw any personal info.
Posted October 15th, 2008 by Sue Walsh
A new wave of malicious spam is using fake Windows security alerts to deliver its payload. According to Microsoft, the emails claim the alerts are part of a new, experimental and private version of an update for all Microsoft Windows OS users.
The recipient is prompted to download an attached file containing the alleged update, which is really a Trojan called Win32/Haxdoor. It records passwords, credit card numbers and other personal information and sends them to the scammers. Fortunately this Trojan is detected by antivirus programs and the Windows Malicious Software Removal Tool.
Posted October 8th, 2008 by Sue Walsh
Security experts are reporting that malware-laden spam is on the increase. The malware is either delivered via .zip or .rar attachments or by directing the recipient to a compromised website via a link. Another method rising in popularity is the embedding of malicious code into the source code of the message. Most of the payloads were Trojans and information-stealing applications. The most popular malware sent via spam is the Pandex Trojan, which turns a computer into a zombie machine, harvests addresses from a variety of files, including .eml, .txt, and .htm, and installs a rootkit.
Posted October 7th, 2008 by Carl E. Reid
Most web browsers are supposed to protect people by implementing security zones. These zones apply different browser security settings depending on the location of the web page being viewed. Phishing emails can lure users to a web site hosting malicious code. These sites attempt to install spyware, malware or both onto the unknowing person’s computer. They rely on weaknesses in web browsers that allow installation and execution of harmful programs on a computer. These web browser vulnerabilities allow settings to be overridden, even when the site is located in a security zone that is not trusted and normally would not allow those actions.
Posted September 23rd, 2008 by Sue Walsh
Security experts have intercepted an email-based malware attack aimed at U.S. schools and government organizations. Over 1000 malware-laden emails were sent from 15 IP addresses, most of them originating in Russia. The attack lasted two days and attempted to deliver a Trojan called Spy.Win32.Zbot.ele disguised as a Windows Update. A similar attack was aimed at U.S. businesses. It’s believed the Spy.Win32.Zbot.ele Trojan is the same one that delivers the infamous and nasty AntiVirus XP 2008 virus. The typical social engineering techniques commonly used by spammers these days were used, with an attempt to personalize them for the educational audience they were aimed at.
Experts speculate that the attack may have come from a brand new botnet located somewhere in Russia that is looking to establish itself. All of the IPs used in the attack were consumer-based and presumably hijacked to hide the true origin of the attackers.
Posted September 10th, 2008 by Sue Walsh
A massive new spam attack has security vendors warning IT admins to ramp up their spam filters. The spam is of the fake but lurid headline variety, but this time the fake headline targets presidential candidate Barack Obama. The email claims to be a breaking news story about an Obama sex scandal and includes a link to a video claiming to show the senator in a sexual tryst with several Ukrainians during his visit to that country last year.
Anyone who clicks on the link is treated to a 14-second pornographic video, which masks the fact that malware is being downloaded to their computer. The malware includes a Trojan that allows a hacker to take full control of the PC and a keylogger that sends every keystroke to a remote server controlled by the hacker. This type of malware could be particularly disastrous should an employee unwittingly download it onto a company PC and give a hacker access to sensitive corporate info, so beware and make sure those spam filters are working!
Posted July 18th, 2008 by Sue Walsh
Yes, really! A new wave of malicious spam is proclaiming the Internet will come to an end in 2012. Obviously if this were true, spam would also come to a screeching halt. The messages have subject lines such as “Secret Plan To Kill Internet By 2012: Leaked?” and “2012: The Year The Internet Ends” and suggest a secret conspiracy is at work to kill off the Internet as we know it and replace it with a highly controlled subscription model. The claim is false of course, and the PDF attachment that comes with the spam (yes, PDF spam is back!) actually contains malware: a Trojan called Pidief.A, aka PDFex-A, that quietly disables Windows Firewall and then downloads even more malware.
Posted May 23rd, 2008 by Sue Walsh
The Storm Worm has returned with a vengeance, filling tens of thousands of email boxes with malicious spam. The spam, with titles such as “we belong together” and “if loving you”, has an embedded trojan called iloveyou.exe which turns the infected computer into a member of its botnet. Over 81,000 malicious emails a day are being sent.
This latest attack confirms fears by analysts that the Storm Worm is being rejuvenated after 18 months of decline. The unknown hackers behind the worm also appear to be exploiting a large number of websites which they are using to host their malware.
No one yet knows what plans the rejuvenated botnet has, but most researchers agree that the stories of its demise have been greatly exaggerated.