Spam Link Allows Remote Surfing on Victim’s PC
In a fresh spam scam if users click on its e-mail link, it enables the attacker to completely commandeer the computer and engage in web surfing as an authorized user. These spam emails have header titles of real news that try to entice unsuspecting users into clicking the corrupt link that installs a Trojan program. This then gives the scammer complete access to victim's machine as well as its Web utility, experts have alerted.
In this spam campaign, says Trend Micro, spammers clog users' inboxes with headlines varying as "Re:U.S. brutal crime is back, more robberies, murders", "Law hits Las Vegas 'fake' bands", "Man Awakens From the Coma spanning 19-Year". Some other headlines in the spam mails are: "Poland U.S. vows to carry on the hunt for lost soldiers", "Decade of Mystery: John Ramsey Speaks" and "xxx is the password for the submitted attachment". All these e-mails lead the recipients to the dangerous Trojan.
This Trojan connects to websites that have malicious components that get downloaded. With this, the routines of downloaded materials become visible on the compromised system. As the Trojan opens the TCP port 80 the system behaves like a proxy server. This enables a remote user to obtain Internet connections anonymously on the victim's PC. A proxy server works in between a user and a server. With proxy server connections, the attacker can hide his original locations as the connection traceable to a system is only of the one where the Trojan resides.
According to Trend Micro, the spam disguises under various news organizations like BBC, ABC, CBS and Yahoo.
The spammers using agents make it appear that the victim's PC is performing the acts. Since the victim's computer functions as proxy server, the remote controller can act illegally on a website and it would seem to be from the victim's machine. This latest spam comes in different themes on different days such as one day it would be about some special deal while on another day it would relate to current affairs, divulged Adam Biviano, premium sources manager at Trend Micro A/NZ, as published by CRN on June 8, 2007.
Related article: Spam Scam Bags a Scottish Connection
» SPAMfighter News - 25-06-2007