Trojan ‘Papras’ Spotted on Match
Cyber criminals are using the popular online dating website Match.com to infect visitors with malicious code, warn security experts at Websense Security Labs. The experts have revealed that the recent spam scam is trying to spread 'Papras', a Trojan worm.
The Trojan, according to Websense, steals login details as well as other confidential information from the infected system. It also contains a rootkit that helps it to hide. Once installed, it copies itself in the computer's Windows directory.
On April 7, 2009, Websense got numerous spam mails in its e-mail Honey Pot, a system that tracks spam messages. These malicious e-mails say that someone is interested to display to the recipient her videos and pictures. These e-mails persuade the user to go to a website that the attacker has created rather than the real Match.com.
However, on running the video, the user is asked to download a video player named ADOBE_Playerinstallation.exe, a file which in reality is a Trojan.
The security researchers further state that cyber criminals have particularly targeted Match.com for spreading the infection because it has a large number of users that count to over 15 Million members.
Carl Leonard, Threat Seeker Manager at Websense, says that the current spam campaign changes its topic as fast as one would change his socks so that the campaign remains fresh, as reported by SCMagazine on April 9, 2009. Leonard said that these spammers are known to attack social-networking websites like Facebook.com and Classmates.com and to dispatch a large number of spam mails within a short period. Thus, the same strategy in the Match.com attack, according to Leonard, has yielded considerable success as people are not familiar with its new theme.
Meanwhile, the spread of Papras is not new. In November 2008, a malicious e-mail containing news of Obama as the US new President circulated across people's inboxes that disseminated the malware.
Thus, security experts advise users to update their firewall and antivirus software to mitigate dangers from the Trojan. Further, members of Match.com as well as other online dating websites are urged to remain alert of such scams.
Related article: Trojans to Target VoIP in 2006
» SPAMfighter News - 15-04-2009