Scammers Again Break in Using YouTube & GeoCities SitesPhishers are again using the popular site for online video exchange, YouTube. According to Trend Micro, the security major, the phishing scam begins with a spam mail containing an unclear thumbnail of something like overlapping limbs together with a description of a video pointing to a touching story of two lovers discovering their heart. Like in some previous instances, the YouTube is again being used for spamming to redirect users to phishing Websites. The Trend Micro team looking after content security has detected a message that says that whoever clicks the YouTube logo will find a log-in page for the site. Subsequently, if a user logs onto his/her account on the page or sets up a fresh account, he/she is taken to another Web page. A screenshot that accompanies the spam mail says that if users click on the links embedded in the e-mail, they will be led to a page that informs them to use a Flash player to watch the video. And to provide users with this Flash player, they are taken to http://www5.youtube.com.site{BLOCKED}.be4koy.com.es/watch/v/install_flash_player.exe, which offers a file, install_flash_player.exe for downloading. Trend Micro has spotted the file as TROJ_DROPPER.KAP and found that it contains an executable called aspimgr.exe. Once it is installed, the file dispatches many more messages with the same information. Alternatively, users could be fooled into giving away the e-mail addresses from their friend list on the login page that allows the fraudster to harvest active e-mail addresses, according to security experts. Another scam relates to the use of GeoCities, the web page hosting facility by Yahoo. In this case, Trend Micro anticipates that Yahoo security would get entangled with activities relating to the Storm worm. Security Researcher for Trend Micro, Ivan Macalintal, said that while reports about Storm worm spamming e-mails containing links pointing to a GeoCities-based site are limited, they involve the tracking of spam formats being distributed via Storm messages to its network of bots. Securitypronews published Macalintal's statement on November 16, 2007. The 'Storm' authors have placed the malware in the garb of "iPix plug-in", which on downloading installs a Trojan. Related article: Scammers Exploit Tax System Resulting in ID Theft » SPAMfighter News - 12/4/2007 |    |
Dear Reader
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!
 |  |
