Spam Promising Video of Eclipse Installs Trojan
Websense Security Labs has warned that spam mails are being distributed to trick recipients into downloading content from the Internet and possibly installing a malicious video film of a lunar eclipse.
Around 4,000 state employees received the e-mail and hence, some officials from the Division of Enterprise Technology were sent to ensure protection of the state computer systems.
The malicious eclipse messages have been using subject lines such as "Total Moon Eclipse Video on NASA TV" "Shocking video with Total Moon eclipse" "Your guide to the total lunar eclipse" and "Lunar Eclipse Video".
Users are cautioned about the download that it actually contains a Trojan horse by which a hacker could gain full control on or compromise the target computer.
However, according to officials, only 12 state employees actually opened the link but the Trojan was brought under control before any information could be compromised.
The attackers were very enthusiastic about the event of lunar eclipse, appeared in the fourth week of February 2008, and wanted to take benefits by duping the people. So they are sending out messages, which have subject lines in connection with the total lunar eclipse, but actually they contain an HTML window that touts for the video, "Solar eclipse stock video from all around the world... Get Eclipse Video now!"
Security experts said that people can easily avoid becoming victim to such e-mails by following a simple method.
Mike Lettman, Director of Information Security with the Division of Enterprise Technology, said that first and foremost recipients should never click links in unsolicited e-mails for no one can tell beforehand what would appear from the download. Lettman also explained why spammers send out the maximum possible e-mails. They hope that even if 1% of the recipients click on the link they will be able to harvest sufficient information and it will be a win win situation for them, as reported by CHANNEL3000 on February 23, 2008.
Lettman also said that a typical malicious e-mail or a malware-laced e-mail tries to collect account usernames and passwords or Social Security numbers. But, as the state has its own way for storing and protecting passwords, they aren't in danger.
Related article: Spam Scam Bags a Scottish Connection
» SPAMfighter News - 27-02-2008