Websense - Spam Mails Lead to Bogus SMS Reader Program
According to Websense Security Labs ThreatSeeker Network on April 16, 2009, a fresh spam campaign is spreading via e-mails that trick recipients into downloading an SMS reader program, which is actually a fake.
The company further reports that its HoneyPot system has received hundreds of malicious e-mails. The messages are written in Russian, implying that the campaign is aimed essentially at Russian-speaking people.
The e-mails claim that a new edition of "SMS Reader V4.0" is available, with which SMS messages could be downloaded on a mobile phone automatically and anonymously. Websense researchers disclose that a link is provided to download the free trial version of the program. However, clicking the link installs a Trojan program instead. Some security providers identify this Trojan as the Cutwail Trojan downloader.
The security researchers state that this Trojan is designed to download and execute arbitrary software on infected systems. To conceal its presence on the computer, the Trojan also plants a rootkit on it. The Trojan does not replicate on its own; its distribution channels include P2P file-sharing networks, e-mails and newsgroup postings, among others.
Websense further states that different spam mails contain different links, each pointing to an apparently randomly named .exe file hosted on Russian servers.
Security researchers state that 32.5% of the antivirus software could not spot the Trojan.
Interestingly, while Websense is announcing the current spam scam, Trend Micro is reporting another, more or less similar spam scam triggered by the Waledac PC virus. In it, the e-mails purport to offer software that supposedly peeps into other people's SMS messages but in reality installs the virus.
Security analysts say that spammers are getting cleverer and employing highly sophisticated, up-to-date techniques to entice people into downloading viruses or Trojans onto their computers. Hence, users are advised to keep their computers up to date with the most recently available AV software.
» SPAMfighter News - 25-04-2009