About

This page contains a single entry from the blog posted on April 12, 2007 6:32 PM.

Message about you having malware dupes people into getting malware

The ironies of life. Here's a great example. Today, Computerworld ran a story, "Massive spam shot of 'Storm Trojan' reaches record proportions". In it, they document the largest spam attack of the year to date. Here's why it's ironic:
"
Arriving with subject headings touting Worm Alert!, Worm Detected, Spyware Detected!, Virus Activity Detected!, the spam carries a ZIP file attachment posing as a patch necessary to ward off the bogus attack. The ZIP file, which is password protected -- the password is included in the message to further dupe recipients -- actually contains a variant of the "Storm Trojan" worm, which installs a rootkit to cloak itself, disables security software, steals confidential information from the PC and adds it to a bot army of compromised computers.

Irony, it seems, isn't lost on the attackers. "This is really a self-fulfilling prophecy," said Swidler, "by warning users about a worm attack to get them to click on a worm."
"

Then there's the magnitude of the malware attack:
"
Postini has already counted nearly 5 million copies of the spam in the last 24 hours, and calculated that the run currently accounts for 87% of all malware being spread through e-mail. Spam rates have jumped as well; Postini said 79% of all e-mail is now spam, while rival MessageLabs Ltd. reported a 13% jump in spam's slice of all messages in just one hour.

"Expect this to grow much larger," Swidler said. "It should top out at 60 million messages within the next 24 hours."

Worse, the malware bundled with the spam is self-replicating, so it's able to sniff out e-mail addresses on infected PCs and send copies of itself to those recipients. "There will be a fair number of additional infections," Swidler said. He warned that even when the spam campaign exhausts itself, the newly compromised computers might be able to sustain large quantities of spam on their own.
"

Then there's the sophistication of the attack:
"
The spam blast also includes a host of randomization and antidetection features, other researchers said. "E-mails are randomized with different filenames, different passwords and different binaries within the ZIP file to evade detection," Ken Dunham, director of VeriSign Inc.'s iDefense rapid response team, said in an e-mail. "And once executed, the worm communicates over a private peer-to-peer (P2P) network to update itself."
"

Add all this up and it's very bad news for many computer users. Don't click on links or open document attachments in emails or instant messages. If you do, you may lose your identity information and valuable authentication information, and possibly suffer monetary loss as a result.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
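
Because the quoted researchers note that filenames, passwords and binaries are randomized per message, a mail filter cannot key on hashes or names; what stays constant is the delivery pattern of a password-protected ZIP whose password travels in the same message. The sketch below is an added example, not part of the original post or of any vendor's product: the function names, the subject pattern and the sample messages are assumptions constructed for illustration.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject pattern modelled on the headings quoted in the post (Worm Alert!, Virus Activity Detected!).
ALARM_SUBJECT = re.compile(r"\b(worm|virus|spyware)\b.*\b(alert|detected)\b", re.I)
PASSWORD_HINT = re.compile(r"\bpassword\b", re.I)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(raw: bytes) -> dict:
    """Return the structural signals found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    signals = {
        "alarm_subject": bool(ALARM_SUBJECT.search(str(msg["Subject"] or ""))),
        "encrypted_zip": any(zip_is_encrypted(p.get_payload(decode=True) or b"")
                             for p in msg.iter_attachments()),
        "password_in_body": bool(PASSWORD_HINT.search(text)),
    }
    # The lure only works if the recipient gets both the locked archive and its key.
    signals["quarantine"] = signals["encrypted_zip"] and signals["password_in_body"]
    return signals

def build_sample(subject: str, body: str, name: str, encrypted: bool) -> bytes:
    """Constructed test message: harmless text in a ZIP, 'encrypted' flag optionally set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless placeholder")
    data = bytearray(buf.getvalue())
    if encrypted:  # flip flag bit 0 in the local header and the central directory entry
        data[6] |= 1
        data[data.rfind(b"PK\x01\x02") + 8] |= 1
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.test", "b@example.test"
    msg.set_content(body)
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename=name)
    return bytes(msg)
```

Legitimate senders also mail encrypted archives with the password alongside, so the `quarantine` flag is best treated as a hold-for-review signal, with `alarm_subject` raising its priority.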
