Trojan Is Hidden in Independence Day E-Card
According to Vnunet.com news on July 4, 2007, security experts have cautioned users about malware that is being spread by spam and poses as a 4 July greeting card.
Sophos said that the mail, which is arriving in inboxes across the world, claims that the user has received a greeting card from a friend and instructs the user to click on a link in order to view it.
Graham Cluley, senior technology consultant at Sophos, said that hackers have no problem taking advantage of celebrations like 4 July to exploit other people's systems and to leak data from them, as per news by Vnunet.com on July 4, 2007.
Common subject lines used in the harmful spam campaign include "Independence Day celebration", "America the beautiful", "July 4th Fireworks Show" and "Happy fourth of July".
The ISC also warned about the patterns that were appearing. As security authorities began to filter on mail subjects and link hashes, the attackers kept adjusting the subject and the link to avoid detection.
The ISC alerted on 28th June 2007 about the occurrence of the harmful mails. Just when you think the campaign is gone, it comes back with another lot of malicious links, as per the news by tech.monsterandcritics.com on July 2, 2007.
When the user clicks on the link (which is in the form of a numeric IP address), the user is taken to an exploited zombie computer, which hosts the JSecard-A Trojan. This malware then tries to install more code from the net, which Sophos termed Malf/Dorf-C.
Cluley said that clicking the link does not lead to the website of a real e-card service; instead it leads to someone else's exploited PC, which is hosting malicious code created to exploit Windows PCs, according to Vnunet.com on July 4, 2007.
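Because the subjects and link hashes kept changing while the links stayed numeric IP addresses, a mail filter can key on the link form instead. The following sketch is an added example, not code from Sophos, the ISC or the original article; the function names, verdict labels and sample messages are assumptions made for illustration, and the single-integer host check goes slightly beyond what the article describes.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Subject lines quoted in the article. The campaign rotated them, so a
# match is only a weak signal.
KNOWN_SUBJECTS = {"independence day celebration", "america the beautiful",
                  "july 4th fireworks show", "happy fourth of july"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def is_ip_literal(url):
    """True when the URL's host is an IP address instead of a DNS name."""
    try:
        host = urlsplit(url).hostname or ""
        # Also catch the single-integer spelling of an IPv4 address.
        ipaddress.ip_address(int(host) if host.isdigit() else host)
        return True
    except ValueError:
        return False

def triage(raw_message):
    """Return subject match, IP-literal links and a verdict for one message."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip().lower()
    text = ""
    for part in msg.walk():
        if not part.is_multipart():
            text += (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
    ip_links = [u for u in URL_RE.findall(text) if is_ip_literal(u)]
    lure = subject in KNOWN_SUBJECTS
    verdict = "quarantine" if ip_links else ("review" if lure else "pass")
    return {"subject_lure": lure, "ip_links": ip_links, "verdict": verdict}

# Constructed sample messages (documentation-range addresses, not real IoCs).
LURE = "Subject: Happy fourth of July\n\nA friend sent you a card: http://192.0.2.15/\n"
ROTATED = "Subject: You have a postcard\n\nView it here: http://203.0.113.7/?c=1\n"
BENIGN = "Subject: Team lunch\n\nMenu: https://cards.example.com/view/1\n"

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("rotated", ROTATED), ("benign", BENIGN)):
        print(name, triage(raw))
```

The rotated-subject sample is still quarantined because the verdict depends on the link host, not on the subject list.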
» SPAMfighter News - 16-07-2007