Sophisticated Spam Dispatched Through PHP Tools From Hijacked Servers
Kaspersky Lab, the anti-virus provider, is cautioning that web hackers are increasingly using tools such as PHP shells on hijacked servers to distribute bogus e-mails.
The tool was apparently discovered by security researchers at Kaspersky, who found it being used on hijacked web servers across Brazil and Latin America in general, where phishing and spam are two of the top online crimes.
Elaborating on the criminals' tricks, Kaspersky stated that online crooks nearly always applied social engineering tactics to execute attacks. At times they dispatched fraudulent e-mails posing as widely used Internet services or banks. They also compiled e-mail databases by stealing the e-mail addresses of potential victims from infected computers, especially addresses saved within e-mail clients.
Once such a database was compiled, the fraudsters used a number of external applications, such as PHP shells, on hijacked servers.
Security expert Dmitry Bestuzhev of Kaspersky Lab said that during a routine examination he discovered a fascinating shell that helped with bulk mailing and that showed Brazil as its place of origin. Softpedia published this on September 9, 2010.
Bestuzhev further explained that criminals could modify the original PHP shell and thereby spoof the actual subject lines in the spam mails they dispatched.
Worse still, criminals were distributing bogus messages in the name of reputable companies; in the current instance, IG (www.ig.com.br), an Internet service widely used within Brazil. The messages spoofed headers and IP addresses, and also faked the spam rating.
Thus, it is highly likely that the current spam mail will be delivered to the target user, evading spam filters. It can even deceive extremely experienced IT professionals into believing it arrived from IG.
Meanwhile, further analysis of the hijacked web server made it evident that a dangerous Brazilian defacer, who compromises innumerable websites every week, had hacked into it. The defacer changed the content of 42 domains on a single day, September 7, 2010.
Researchers advise that users should not only have anti-malware software deployed, but should also stay informed about prevailing threats in order to remain protected against malicious code.
» SPAMfighter News - 20-09-2010