Websense Discovered Malicious Social Networking Spam Campaign
A malicious social engineering spam campaign is circulating on the Internet, said Websense Security Labs ThreatSeeker. The campaign sends fake e-mails that pose as official messages from Orkut, Google's Web 2.0 social networking site.
The e-mail informs the Orkut user that his account is under investigation and will be closed within 24 hours if he does not follow the instructions by visiting the hyperlink embedded in the e-mail.
When a user clicks on the hyperlink embedded in the e-mail to follow the instructions, a malicious Trojan downloader, "regulamento_orkut.exe", is loaded onto his system. Antivirus detection of this Trojan downloader is also very low.
After loading on the victim's system, regulamento_orkut.exe downloads another malicious file called fox.exe from the same website, according to security experts. Several copies of this file are written to different locations on the targeted system under different names. It also installs one copy to run at startup and monitors the user's browsing activities to steal personal information.
Furthermore, while the malicious code is downloading onto the victim's machine, a pop-up appears on the screen displaying objectionable material.
According to security experts, this is one more example of a technique spammers use to keep their attacks running for a longer period. In fact, targeting Web 2.0 sites to launch a wide range of attacks has become a growing trend.
With its growing popularity as a social networking site among online community users, Orkut is bound to catch the attention of malware writers looking for targets, said security experts. Moreover, Orkut is viewed as a network of trusted contacts; thus, malware writers are exploiting this trust to trick unsuspecting users.
Security experts further revealed that Orkut had earlier witnessed similar Trojan attacks. In July 2006, a majority of Orkut account holders received a malicious link from other infected contacts. If a recipient clicked on that link, a malicious Trojan downloader called Win32.Banload.aoo was loaded onto the system. It then downloaded password-stealing keyloggers and Trojans from malicious websites without the user's consent.
» SPAMfighter News - 29-11-2008