WikiLeaks Spam Mails Push Malware: Symantec
Security researchers at Symantec are warning that distributors of malicious software are taking advantage of the latest WikiLeaks disclosures.
Commonly described as a whistleblower website, WikiLeaks is a non-profit organization that concentrates on publishing information and news for the public.
At the start of the last week of November 2010, WikiLeaks began releasing cables leaked from the U.S. Department of State, which give a clear picture of the country's foreign affairs. Reportedly, the organization holds more than 250,000 diplomatic reports covering many years, which originated from 274 American embassies. Apparently, WikiLeaks is considering releasing all of those cables gradually.
Interest in the information exposed by the leaked cables has risen to such an extent that online criminals could not pass up the chance to cash in on it.
As a result, they launched an e-mail scam targeting interested users' PCs worldwide.
Symantec has intercepted these spam mails and notes that their header is "IRAN Nuclear BOMB!" The "From" field shows an address spoofed to appear as Wikileaks.org, and a URL is embedded in the main message.
The URL downloads and executes Wikileaks.jar, a file that contains a downloader of the 'Wikileaks.class' type. The downloader connects to http://ugo.file[removed].com/226.exe, from where it pulls the malware that Symantec has identified as W32.Spyrat.
Samil Patil, a researcher at Symantec, explains that W32.Spyrat creates a backdoor using a predetermined IP address and port, letting a scammer carry out numerous activities on the hijacked PC. Patil lists them as: writing, reading and running files; capturing saved passwords; executing instructions; turning on and watching a webcam; logging keystrokes; and opening an HTTP proxy through which Web traffic can be routed via the hijacked PC. Softpedia.com published this on December 8, 2010.
Meanwhile, Symantec warns all end users against clicking web links or opening attachments in e-mails like these, even when their sources appear trustworthy. Users should also keep their security software updated to protect their PCs from possible compromise.
» SPAMfighter News - 21-12-2010