Spam Displaying Explicit Images Downloads Trojan
Security firm Sophos has issued a nation-wide alert about a new spam e-mail that offers 'free' explicit images and videos. The true purpose of the spam is to get users to download a malicious Trojan. The circulated e-mail contains a link to the 'Psyme-DL' Trojan and uses a variety of subject lines containing the words 'free' and 'porn'.
The e-mail consists of only one sentence and a link to the malicious file. When a user clicks the link, a list of 'free' content is displayed while the Trojan tries to download itself onto the system. Security experts at Sophos note that 'Psyme-DL' exploits a Microsoft Internet Explorer vulnerability, MS06-014. If anyone opens the link in Firefox, a message pops up asking the user to change browsers.
According to Carole Theriault, senior security consultant at Sophos, many users still find it hard to resist opening e-mails with catchy headlines despite the number of warnings about 'safe computing' and 'appropriate online behavior'.
The malware infects machines and tempts users to peek at some free porn, thereby taking them down a rat hole. The writer of 'Psyme-DL' is not just trying to humiliate users but is also attempting to take command of their PCs in order to spy, steal or cause other havoc.
'Troj/Psyme-DL' exploits an 'ADODB' (ActiveX Data Object Database) vulnerability to install malware, Sophos explains in a security advisory posted on its website. The company further explains that an 'ADO (ActiveX Data Objects) stream object' contains methods for reading and writing binary and text files. When an ADO stream object is combined with a known security flaw in Microsoft Internet Explorer, a website could run scripts from the 'Local Machine Zone'.
According to a Sophos security bulletin, Microsoft has given three ways to disable the 'ADODB.Stream object' in Internet Explorer: update the PC using 'Microsoft Windows Update', download an update file from the 'Microsoft Download Center', or manually disable the 'ADODB.Stream object'.
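For the manual option, an administrator can verify that the control is actually blocked. The PowerShell below is an added example, not taken from Sophos or Microsoft; it assumes the ADODB.Stream CLSID and the 0x400 "kill bit" flag that Microsoft documents for the ActiveX Compatibility registry key, neither of which appears in this article.

```powershell
# Audit whether Internet Explorer is blocked from instantiating ADODB.Stream.
# Assumptions (not from the article): the CLSID below identifies ADODB.Stream and
# 0x400 in "Compatibility Flags" is the ActiveX kill bit.
# Run from a 64-bit PowerShell session so both registry views are visible.
$Clsid   = '{00000566-0000-0010-8000-00AA006D2EA4}'
$KillBit = 0x400

# 32-bit IE on 64-bit Windows reads the WOW6432Node view, so check both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$Root, [string]$Clsid)
    $key = Join-Path $Root $Clsid
    # No key at all means no kill bit: the control can still be loaded.
    if (-not (Test-Path -LiteralPath $key)) {
        return [pscustomobject]@{ Key = $key; Flags = $null; KillBitSet = $false }
    }
    $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    [pscustomobject]@{
        Key        = $key
        Flags      = if ($null -ne $flags) { '0x{0:X}' -f $flags } else { $null }
        # Other flag bits may be set too, so test the bit rather than equality.
        KillBitSet = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
    }
}

$results = foreach ($root in $Roots) {
    # Skip the WOW6432Node view on 32-bit Windows, where it does not exist.
    if (Test-Path -LiteralPath $root) { Test-KillBit -Root $root -Clsid $Clsid }
}
$results | Format-Table -AutoSize

if ($results | Where-Object { -not $_.KillBitSet }) {
    Write-Warning 'ADODB.Stream is not kill-bitted in at least one registry view.'
}
```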
Experts advise companies to use a consolidated solution to protect their e-mail gateways from viruses, spyware and spam, and to secure their desktops and servers with automatic updates.
» SPAMfighter News - 29-11-2006