Cyber Attacker Pretends to be New York Times

According to MessageLabs (now part of Symantec), a newly launched personalized e-mail attack is posing as a message from the New York Times (NYT). MessageLabs tracked the attack on February 24, 2010.

Exploiting The New York Times' (NYT) reputation for authenticity, an Internet attacker used a promotional item touting NYT's "TimesReader 2.0" as the lure in a personalized phishing e-mail attack.

The MessageLabs researchers state that, once run, "TimesReader Plugin.exe" uses iexplore.exe to send encrypted files over port 443 to 82.103.136.9.

The file connects to an IP address in Denmark that appears to belong to a PC on a home network. Nothing is displayed when the .exe file runs, so the victim doesn't realize that his computer has been infected. The sole hint is a running iexplore.exe process while no Internet Explorer browser session is open. The executable places a pair of files, named rundl32 and rundl32.exe, in the C:\windows\system32 directory.

The rundl32 file actually contains a keylogger, which times out within 60 minutes and then erases itself, says Paul Wood, Senior Analyst at MessageLabs Intelligence, as reported by GSN on February 25, 2010.
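The indicators reported above (rundl32 and rundl32.exe in system32, an iexplore.exe process with no browser session, and port 443 traffic to 82.103.136.9) can be combined into a simple host hunt. The Python sketch below is an added example, not MessageLabs' code; the event records and their field names are constructed for illustration, and the name check relies on rundl32 being one letter away from the legitimate Windows binary rundll32.exe.

```python
from pathlib import PureWindowsPath

LEGIT = {"rundll32.exe", "svchost.exe", "iexplore.exe"}  # small sample of real Windows binaries
REPORTED_IP = "82.103.136.9"  # destination named in the MessageLabs report

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(path):
    """Return the legitimate binary a system32 file name imitates, or None."""
    p = PureWindowsPath(path.lower())
    name = p.name if p.suffix else p.name + ".exe"  # covers the extensionless "rundl32"
    if p.parent != PureWindowsPath(r"c:\windows\system32") or name in LEGIT:
        return None
    return next((l for l in sorted(LEGIT) if edit_distance(name, l) == 1), None)

def hunt(events):
    """Collect per-host findings from file, process and network events."""
    findings = {}
    for e in events:
        img = e.get("image", "").lower()
        hit = None
        if e["type"] == "file_create" and lookalike_of(e["path"]):
            hit = f"lookalike of {lookalike_of(e['path'])}: {e['path']}"
        elif e["type"] == "process" and img == "iexplore.exe" and not e["has_window"]:
            hit = "iexplore.exe running with no browser window"
        elif e["type"] == "net" and img == "iexplore.exe" and (e["dst"], e["port"]) == (REPORTED_IP, 443):
            hit = f"iexplore.exe -> {e['dst']}:443"
        if hit:
            findings.setdefault(e["host"], []).append(hit)
    return findings

SAMPLE = [  # constructed events with hypothetical field names, not real telemetry
    {"host": "pc-01", "type": "file_create", "path": r"C:\Windows\System32\rundl32"},
    {"host": "pc-01", "type": "process", "image": "iexplore.exe", "has_window": False},
    {"host": "pc-01", "type": "net", "image": "iexplore.exe", "dst": "82.103.136.9", "port": 443},
    {"host": "pc-02", "type": "file_create", "path": r"C:\Windows\System32\rundll32.exe"},
    {"host": "pc-02", "type": "process", "image": "iexplore.exe", "has_window": True},
]

if __name__ == "__main__":
    print(hunt(SAMPLE))
```

A host that shows all three findings together is a much stronger signal than any single one, since a windowless iexplore.exe or HTTPS traffic alone can be benign.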

According to MessageLabs, the e-mail attack originated from an Internet Protocol address traced to Greece. Paul Wood said that it wasn't clear whether the PC in Greece had been taken over by another PC in some other country. According to him, it might not be possible to know whether such computers were under the control of another PC that is controlled by the attackers.

In addition, the phishing attacks appear to have struck 6 separate domains belonging to a law firm, a public sector company, 3 chemical firms and an online gambling company within the United Kingdom. The domains all belong to current Symantec customers. Wood said that approximately 25 PCs in these companies had been infected to date.

In the meantime, Martin Nisenholz, Senior Vice President for Digital Operations, The New York Times, stated that he was not yet aware of the so-called phishing attack, as reported by GSN on February 25, 2010.


» SPAMfighter News - 06-03-2010
