Mabezat Worm Preys on Job SeekersAs per the security researchers, the last week of February 2010 has witnessed an increase in spam e-mails containing cautiously packed files infected with computer worm "Win32.Worm.Mabezat.J". Taking benefit of the unstable state of the world economy, cybercriminals are masquerading malware as genuine job offers. It appears as if the worm is a variant of an earlier edition; however, it makes use of some smart words to convince recipients to visit the infected Webpage served to them. The spam mails carry different job-related mail subjects, like 'We are hiring you', 'Web designer vacancy', 'New work for you', or 'Welcome to your new work'. According to reports, the e-mail has an allegedly safe attachment "winmail.dat" that is billed as being a Word RTF (Rich Text Format) file. Most of the knowledgeable users run the file through Winrar or Winzip, which decodes the DAT file into its end format but most importantly, the strange nature of the DAT file indicates that most of the on-network IT security technologies fail to notice the malicious payload. On extraction, the archive shows up what seems to be a MS-Word document called Reademe.doc. However, on close examination, it appears to be an executable file infected with Win32.Worm.Mabezat.J. What is most important about this worm is the fact that it can hit executable files by substituting the first 1768 bytes of the malicious executable file with the encrypted body of its own. The worm begins its infection campaign by infecting the main executable of the Windows Media Player along with some binaries in Outlook Express. The security experts opined that the Mabezat family is very harmful. Along with infecting binary files and system files, they also gather mail addresses from different file formats that it finds on the infected machine. After the compilation of the e-mail list, the worm starts mass-mailing itself by using its own SMTP engine. A senior researcher with BitDefender, Alexanderu Catalin Cosoi, said that for the ultimate protection of their PCs, users should install a complete anti-malware suite, including anti-spam, anti-virus, anti-phishing and firewall protection, as per the news published by infosecurity.com on March 3, 2010. ยป SPAMfighter News - 3/10/2010 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
