Email and Internet content security providers have identified a new outbreak of malicious spam emails that use login account confirmation details as a hook to get email users to visit an infected web site.
According to the Marshal TRACE team (Threat Research and Content Engineering), the spam emails appear to come from a legitimate organisation and provide recipients with temporary login confirmation details for a web site. The spam uses text like “for security purposes, please login and change the temporary Login ID and Password”. The messages include a link to an IP address which is in fact a website infected with the Storm Trojan.
The messages appear to come from the technical support departments of a range of organisations with names designed to generate the interest of the broad public, such as “Joke-A-Day” and “Web Players”. The links appear as an IP address rather than a more normal URL – e.g. http://213.161.89.20/
This outbreak is the latest in a string of social engineering tactics used by the same individuals responsible for the Storm Trojan to propagate their botnet.
The Storm Trojan first appeared in January 2007. It quickly gained success and notoriety by using the guise of current affairs headlines to fool unsuspecting recipients into clicking on a link which lead to the Trojan. Examples of the headlines used included, “Saddam Hussein alive!” and “Chinese missile shot down by USA aircraft”. Since then the group of criminals behind the Storm Trojan have used the guise of greeting cards to infect computers with subjects ranging from the 4th of July to Thank You cards.
The ‘confirmation spam’ outbreak has been launched by the same group that launched the Hot Pictures campaign last month. Previously these spam campaigns, like the greeting card campaign, would last for weeks at a time. Now however, spammers are modifying or launching new spam campaigns almost daily, presenting new threats and risks to business systems and data.
acs, the county’s leading office solutions provider, has developed spamcontrol365 to help protect your business from spam and viruses. To learn more or to arrange a consultation, please contact the acs team today on 01604 704000. |
