Cyber Attacker Pretends to be New York Times
According to MessageLabs (now part of Symantec), a newly launched personalized e-mail attack is posing as a message from the New York Times (NYT). The attack was tracked at MessageLabs on February 24, 2010.
Exploiting The New York Times' (NYT) reputation for being authentic, a sinister Internet attacker utilized a promotional item touting NYT's "TimesReader 2.0" to serve as a lure inside a personalized phishing e-mail attack.
The MessageLabs researchers state that once run, the "TimesReader Plugin.exe" employs iexplore.exe for dispatching encrypted files via port 443 to 220.127.116.11.
The file links to some Denmark IP address that seems a PC joined to a home network. While running the .exe file, nothing is displayed. Therefore, the victim doesn't realize that his computer has been infected. The sole hint is the running of an iexplore.exe program, while the Internet Explorer browser hosts no session. The executable loads a pair of files in C:\windows\system32 directory by the names of rundl32 and rundl32.exe.
The rundl32 file actually contains a keylogger, which times out within 60-minutes and then erases itself, says Paul Wood, Senior Analyst at MessageLabs Intelligence, as reported by GSN on February 25, 2010.
According to MessageLabs, the e-mail assault started from an Internet Protocol address traced to Greece. Paul Wood said that it wasn't clear whether another PC from some other country captured the one in Greece. According to him, it might not be possible to know whether such computers were under the control of another PC that is controlled by the con people.
Besides, the phishing assaults seem to have struck 6 separate domains of a law company, a public sector company, 3 chemical firms as well as a company for online gambling within the United Kingdom. The domains are all Symantec's present customers. Wood said that approximately 25 PCs in the above companies had been contaminated till date.
In the meantime, Martin Nisenholz, Senior Vice President for Digital Operations, The New York Times, stated that he hadn't yet come to know about the so-called phishing attack, as reported by GSN on February 25, 2010.
Related article: Cyber Child abuser Sentenced To Imprisonment
» SPAMfighter News - 3/6/2010
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!