Alerts
Catchy Malicious Spam Campaign On The Rise
Date: 06.20.2008
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker Network has discovered a new malicious spam social-engineering tactic that capitalizes on various high-profile events, places, and people to entice users into visiting a malicious Web site.
The emails are very short and contain a link to a malicious Web site. They use catchy subject lines to entice victims into opening the message. The body is a single line of socially engineered text intended to entice the user even more. However, the subject and the body rarely have anything to do with each other.
Example Email:
Subject: Get star wars photo
Other example email subjects:
"Celtics Disqualified from NBA Title"
"Find out about Harry Potters last novel"
"Eiffel Tower damaged by massive earthquake"
"Osama Bin Laden caught finally"
"Latest Obama quits presidential race"
The URL in the emails always ends with /r.html, and the page poses as a free porn video Web site. The page title is always “PornTube: best movies collection.” The site tries to get users to download and install a Trojan Downloader named video.exe that claims to be an ActiveX Object. A popup message prompts for installation; clicking Cancel traps the user in a loop of repeated install prompts. In addition to socially engineering the installation of the Trojan, the site contains a hidden iframe pointing to a site in China that hosts exploit code.
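The indicators described above (a link path ending in /r.html, the fixed page title, a reference to video.exe, and a hidden iframe) can be checked mechanically in a mail or proxy pipeline. The following Python example is added here and is not Websense code; the sample message body, the sample page, the example.test hostnames, and the definition of "hidden" (zero or one pixel size, or CSS hiding) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

LURE_TITLE = "porntube: best movies collection"  # page title quoted in the alert
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed samples (not captured traffic); hostnames are placeholders.
SAMPLE_EMAIL = "Subject: Get star wars photo\n\nWatch it now http://lure.example.test/r.html\n"
SAMPLE_PAGE = (
    "<html><head><title>PornTube: best movies collection</title></head><body>"
    '<a href="video.exe">Install ActiveX Object</a>'
    '<iframe src="http://exploit.example.test/" width="0" height="0"></iframe>'
    "</body></html>")

def lure_urls(email_body):
    """Return URLs in a message body whose path ends with /r.html."""
    return [u for u in URL_RE.findall(email_body)
            if urlparse(u).path.lower().endswith("/r.html")]

class PageScan(HTMLParser):
    """Collect the page title, hidden iframes and references to video.exe."""
    def __init__(self):
        super().__init__()
        self.in_title, self.title = False, ""
        self.hidden_iframes, self.exe_refs = [], []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "title":
            self.in_title = True
        if tag == "iframe":
            # Assumption: "hidden" means 0/1 pixel size or CSS hiding.
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.hidden_iframes.append(a.get("src", ""))
        self.exe_refs += [v for v in a.values() if v.lower().endswith("video.exe")]

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False

    def handle_data(self, data):
        if self.in_title:
            self.title += data

def scan_page(html):
    p = PageScan()
    p.feed(html)
    return {"title_match": p.title.strip().lower().rstrip(".") == LURE_TITLE,
            "hidden_iframes": p.hidden_iframes, "exe_refs": p.exe_refs}
```

A message is worth quarantining when `lure_urls` returns anything; `scan_page` is meant for HTML already retrieved by a sandboxed crawler or proxy, not for fetching from a user workstation.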
Screenshot of popups:


Websense Messaging and Websense Web Security customers are protected against this attack.






