New Waledac Spam Spread Rumors of Bomb Explosion
According to a warning from various security companies, online criminals are attempting to cheat users into downloading malicious codes by enticing them to an Internet site that falsely informs users of 'breaking news' about a bomb blast.
Reportedly, the criminals are distributing their malware by using e-mails that say a bomb blast has killed many people. The e-mails also display the subject line, "Why did it happen in your city?" Take Care!"
Subsequently, it narrates a false tale that 12 people have died and over 40 injured on account of the bomb explosion near an Amsterdam market.
In addition, the e-mail provides a web link that leads the user to an apparent 'Reuters' news item about the blast, with an accompanying video that asks to download a special CODEC necessary to watch the video. But on downloading it, a Waledac infection is triggered. The worm creates a backdoor component on the hijacked system and then waits to get instructions from a remote command-and-control server.
Security specialists have said that the bogus website uses geo-location technology to make the news story appear as if the blast occurred in a location or city near the surfer.
The bogus page also offers Google and Wikipedia search links in the form of "Related Links" at the page's end so that the page appears genuine. However, the text in the e-mails contains some grammatical and spelling errors that suggest the fakeness of the e-mails.
Commenting on the method of attack, Rik Ferguson, Researcher at Trend Micro, stated that the new campaign was an evidence that cyber criminals were not facing any problem in distributing their spam that potentially declined when web hosting firm McColo shut down, as reported by SCMagazine on March 16, 2009.
Meanwhile, it is reported that on March 16, 2009, out of 39 prominent antivirus vendors, 8 detected the Waledac Trojan, as per VirusTotal a file-analyzer.
According to the security specialists, the Waledac botnet's recent attacks had been using the financial crisis, the inauguration and Valentine's Day to infect computer users.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 20-03-2009