MX Lab Intercepts Yousendit Spam Schemes

Security researchers at the Belgian e-mail security firm MX Lab report that cyber-criminals are running two spam scams that exploit the name of the popular website "YouSendit", a specialist in file sharing and distribution on the Internet.

The researchers note that one of the spam scams involves e-mails with the subject line "You have received a file from aleppotz@rockypointinc.com via YouSendit." The sender's e-mail address varies depending on which name has been spoofed.

The body of the e-mail claims that an audio file, apparently in MP4 format, is available for the reader to download at YouSendit. However, the links provided do not lead to YouSendit's website but to hxxp://carlaustiniii.org/x.html.

Furthermore, according to the researchers, if the URLs are clicked on a Mac computer, a message may appear saying "PLEASE WAITING 4 SECOND...."

The experts believe that these spam mails carry malware capable of infecting the user's PC. The user is later redirected to a Canadian Pharmacy web page, hxxp://spruceteam.com/.

Meanwhile, in the other e-mail scam, recipients are told that they must run a file contained in an attachment; the file is malicious.

The attachment is named YouSendIt_reader.zip. When unzipped, it yields a file named YouSendIt_reader.exe, 20KB in size. The attachment carries an embedded Trojan that security companies detect under different names: F-Secure, BitDefender and GData call it Gen:Variant.Bredo.2, while Microsoft calls it TrojanDownloader:Win32/Waledac.C, the MX Lab security investigators explain. Softpedia.com reported this during the 1st week of August 2010.

Worryingly, MX Lab's security investigators have found that combined strategies have been on the rise in recent months. In these strategies, e-mails take users to a website that contains exploits and malware. The user is then forwarded to a spam website in the expectation that he will not notice a Trojan infection on his PC. The spammers behind both of the campaigns described above have used this strategy.

To avoid being compromised, the researchers advise users to be very careful with all files and web links received through e-mail, no matter how trustworthy they may appear.
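Both lures described above leave traits a mail filter can check: a message that invokes the YouSendit name while linking to some other host, and a ZIP attachment that holds an executable. The following Python sketch is an added example, not MX Lab's or SPAMfighter's code; the domain `yousendit.com`, the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage
from urllib.parse import urlparse

BRAND = "yousendit"              # brand name the lure invokes
BRAND_DOMAIN = "yousendit.com"   # assumption: the service's genuine domain
RISKY_EXT = (".exe", ".scr", ".pif", ".com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def host_is_brand(host):
    host = (host or "").lower().rstrip(".")
    return host == BRAND_DOMAIN or host.endswith("." + BRAND_DOMAIN)

def inspect_message(raw_bytes):
    """Return findings for one raw message (bytes)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings, text = [], str(msg.get("Subject", ""))
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None and part.get_content_maintype() == "text":
            text += "\n" + part.get_content()
        elif name and name.lower().endswith(".zip"):
            try:  # list archive members without extracting anything
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    bad = [m for m in zf.namelist() if m.lower().endswith(RISKY_EXT)]
                findings += [f"executable-in-zip:{name}/{m}" for m in bad]
            except zipfile.BadZipFile:
                findings.append(f"unreadable-zip:{name}")
    if BRAND in text.lower():  # mail claims to come from the service
        for url in URL_RE.findall(text):
            host = urlparse(url).hostname
            if not host_is_brand(host):
                findings.append(f"brand-link-mismatch:{host}")
    return findings

def build_sample(body, zip_member=None):
    """Constructed test message; addresses and hosts are placeholders."""
    m = EmailMessage()
    m["Subject"] = "You have received a file from sender@example.com via YouSendit."
    m.set_content(body)
    if zip_member:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(zip_member, b"MZ")  # stub bytes, not a real program
        m.add_attachment(buf.getvalue(), maintype="application",
                         subtype="zip", filename="YouSendIt_reader.zip")
    return m.as_bytes()
```

The host comparison is by suffix on a dot boundary, so a look-alike such as `yousendit.com.example.net` is still reported as a mismatch.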


» SPAMfighter News - 17-08-2010

 
