antiSPAMnews


07.27.07


Personalized Spam May Lead To Infection

By David Utter

Social engineering through data mining allows criminals to make their email come-ons look legitimate, but visiting included links could lead to a system being compromised.

The approach and the exploit being employed against spam recipients, like the one a person at Symantec encountered, aren't anything new. Using someone's first and last name, and suggesting they had signed up for a certain website, does represent a new way of setting up an attack.

Researcher John McDonald said on Symantec's Security Response blog that the spam in question led to what appeared to be a legitimate site, based on its root domain. Had a visitor followed the spam link and arrived at the purported login page, they would have hit exploit code aimed at the Windows Media Player plugin:

The page contains shell code that downloads and runs an executable file which in turn drops other malware onto the computer. This malware is injected into the explorer.exe process and scans all directories and files on both the compromised computer and any networked computers. It lists them in a log file and attempts to upload the file to a remote server, which is different from the original one hosting the exploit code.

Interestingly the threat also attempts to upload a whole range of files from victim machines, including ones with extensions such as .exe, .mp3, .cab, .wav that may potentially include some very large files. It would probably be easy to notice the degradation in network performance as so many files were being uploaded.


Not only would the visiting PC get hit with malware, the infection would steal media and other files from the machine and send them along to a remote server. This activity would be noticed as network degradation took place.
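The bulk upload described above is the part of this infection a defender can spot on the network. As an added example (not from the article or from Symantec), the following Python script flags a host that sends many files of mixed types to a single destination within a short window. The log format, host names, destinations and thresholds are constructed assumptions.

```python
from collections import defaultdict
import os

# Constructed sample records (not real traffic): "epoch src dst filename bytes_sent"
SAMPLE_LOG = """\
1000 pc-17 files.example.net report.doc 48000
1005 pc-22 upload.example.org setup.exe 9500000
1010 pc-22 upload.example.org track01.mp3 4200000
1015 pc-22 upload.example.org drivers.cab 12800000
1020 pc-22 upload.example.org alert.wav 700000
4000 pc-31 backup.example.com archive.cab 30000000
"""

WINDOW = 300                 # seconds; assumed tuning value
MIN_FILES = 4                # uploads to one destination inside the window
MIN_EXTENSIONS = 3           # distinct file types, i.e. indiscriminate collection
MIN_BYTES = 20_000_000       # total bytes sent inside the window

def parse(log_text):
    """Yield (ts, src, dst, extension, size) from well-formed lines; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not (parts[0].isdigit() and parts[4].isdigit()):
            continue
        ext = os.path.splitext(parts[3])[1].lower()
        yield int(parts[0]), parts[1], parts[2], ext, int(parts[4])

def find_bulk_uploads(log_text):
    """Return sorted (src, dst) pairs that exceed all thresholds in a sliding WINDOW."""
    by_pair = defaultdict(list)
    for ts, src, dst, ext, size in parse(log_text):
        by_pair[(src, dst)].append((ts, ext, size))
    flagged = set()
    for pair, events in by_pair.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            if (len(window) >= MIN_FILES
                    and len({e[1] for e in window}) >= MIN_EXTENSIONS
                    and sum(e[2] for e in window) >= MIN_BYTES):
                flagged.add(pair)
    return sorted(flagged)

if __name__ == "__main__":
    for src, dst in find_bulk_uploads(SAMPLE_LOG):
        print(f"{src} -> {dst}: bulk mixed-type upload")
```

A single large transfer (pc-31) or ordinary document traffic (pc-17) does not trip the rule; only the combination of file count, file-type variety and volume does.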

If you receive email welcoming you to a site you didn't sign up to join, use some extra caution. Discarding the email would be best, as you can always ask a legitimate site for password help.


About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.


About antiSPAMnews
News and updates for the fight against spam





-- antiSPAMnews is an iEntry, Inc. publication --
iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509