Malware Spreading Through ‘Gaza Invasion’ Spam Scam
According to a forensics expert on computer threats at UAB (University of Alabama at Birmingham), a new e-mail scam that exploits the Gaza invasion and uses a spoofed CNN website to steal passwords began circulating on January 8, 2009.
E-mails claiming to come from CNN carried convincing news headlines in their subject lines as bait to get users to visit websites that hosted malicious software.
According to Sam Curry, Vice-President of Product Management at RSA, the scam begins with a phishing e-mail, followed by a social engineering tactic, as reported by ComputerWorld on January 8, 2009.
Curry further said that the e-mail attempts to get the recipient to visit a website resembling CNN.com. There the user is prompted to update to Adobe Acrobat 10. On accepting, however, the user downloads a Trojan horse to the system instead.
Gary Warner, Director of Research at UAB, said that the malware steals passwords used for online transactions on banking sites, shopping carts, FTP sites and e-mail or chat systems, and transmits the information to a server located in Ukraine, as reported by NewsWise on January 8, 2009.
In addition, malware analysis conducted by UAB students, the results of which are shared with law enforcement officials, has shown that the Trojan belongs to the same group of computer viruses that had been spreading earlier through the phony video of Obama's acceptance speech. Those viruses were also spread through reunion invitations from Classmates.com and the fake merger letter from Wachovia.
According to Warner, the most frightening part is how anti-virus programs fare against it. Security programs might not recognize the virus: a test on January 8, 2009 by the UAB students revealed that just 11 of the 38 tested programs could identify it, Warner explains.
Security researchers said that the gang of hackers behind the e-mail scam is entirely separate from, and not related to, the Israeli or Palestinian cause. These criminals, according to the researchers, are simply abusing breaking news events to trick users into becoming their victims.
» SPAMfighter News - 14-01-2009