Malicious Spam Lead to Music Videos

Sophos has issued a warning to Internet users to be wary of e-mail that claims to offer pop stars' music videos. This is the latest disguise that malware writers have adopted to randomly infect PCs.

The surge of fraudulent e-mails pretends to provide links to download new music clippings. They use subject lines, like 'cool video is out' and 'awesome new video'. The e-mails refer various musical artists like Kelly Clarkson, Beyonce, R Kelly, Rihana, Foo Fighters, Velvet Revolver and The Eagles.

According to Sophos experts, users who click on the link embedded in the e-mail will find themselves at a malicious Web page containing a harmful script and a Trojan horse crafted to convert their PC into a zombie machine. If the system is infected, it could allow hackers to steal the user's personal information. They could also spam out junk emails and malware, or shoot Distributed Denial of Service (DDoS) attacks from the infected system.

Hackers trying to infect unwary computer users were using the same malware from the family of the Storm Trojan that created turmoil on the Net in January 2007, Sophos said.

Earlier in the end week of August 2007, hackers disguised their e-mails as a link to a video on YouTube and before that they pretended to give breaking news or e-cards. This makes it clear that the miscreants will constantly take new disguises and infect computers of innocent surfers running Windows, said Graham Cluley, senior technology consultant for Sophos. Vnunet.com reported this on August 30, 2007.

The social engineering tactic of exploiting celebrities' names to stimulate readers' interest has happened earlier too. For instance, e-mails offering photos of Angelina Jolie without clothes were recently circulating on the Net. That people still believe and succumb to these scams is unfortunate.

Cluley continued that for some, it might be irresistible to view the new Beyonce video. The problem is less technical and more psychological, he said.

As computer users get knowledgeable of ways to protect themselves against e-mail viruses and other malware, hackers too have changed their style, and are now using the Web as the new medium of attack, Sophos said.

Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected

» SPAMfighter News - 9/13/2007