Easter Trojans Email Fake War News
David Utter Staff Writer
2007-04-09
The latest effort at fooling people into installing malware on their systems comes in the form of email claiming a war in the Middle East has erupted with Iran and Israel taking part.
The most effective social engineering tactics are the ones that seem most likely to be true. Had email been a widely used technology in the 1970s, a mass mailing with subject lines about conflict and strife in the Middle East would be as likely to be believed then as it would be today.
Spammers have noticed this as well, and their attempts to cram malware onto systems for criminal gain recently featured what Symantec observed as a social engineering attempt built on the likelihood of a broader war beginning.
"Subjects include 'USA Just Have Started World War III' / 'Missle Strike: The USA kills more then 20000 Iranian citizens' / 'Israel Just Have Started World War III' / 'USA Missile Strike: Iran War just have started'. From the sample emails that we have seen to date, the actual email body is blank, and the attached files have various names such as 'video.exe', 'movie.exe', 'click here.exe', 'clickme.exe', 'readme.exe' and 'read more.exe'," researcher John McDonald said in the advisory.
Though the underlying malware is nothing new, save for some minor tweaks, it brings along the typical nastiness that characterizes criminals' continual efforts to find new outlets for their junk messages. People who unwisely run those executables will drop a mass-mailing program and a rootkit onto their systems.
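An added example, not part of the Symantec advisory or the original article: a Python mail-triage check for the pattern described above, a blank body combined with an executable attachment. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of directly runnable Windows extensions; the advisory only names .exe.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")

def triage(raw: bytes) -> dict:
    """Report the two traits from the advisory: blank body, executable attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    body_parts, exe_names = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            # Windows drops trailing dots and spaces from file names when saving,
            # so "readme.exe." must be treated like "readme.exe".
            if name.rstrip(". ").lower().endswith(EXECUTABLE_EXTS):
                exe_names.append(name)
        elif part.get_content_maintype() == "text":
            body_parts.append(part.get_content())
    blank = not "".join(body_parts).strip()
    return {
        "blank_body": blank,
        "exe_attachments": exe_names,
        "matches_pattern": blank and bool(exe_names),
    }

def build_sample(subject: str, body: str, attachment: str = "") -> bytes:
    """Construct a test message; the payload is placeholder bytes, not a real binary."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (build_sample("Constructed subject A", "\n", "click here.exe"),
                build_sample("Constructed subject B", "Minutes attached.\n", "minutes.pdf")):
        print(triage(raw))
```

An HTML-only body that contains nothing but markup counts as non-blank here, so a non-empty `exe_attachments` list is reason enough on its own to block the attachment.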
Vista Enables Protection Of Malware

As the BSAlert bloggers put it, "Microsoft's new feature can actually make it even harder to remove bad software from your system."
They're referring to Protected Processes in Windows Vista, Microsoft's latest operating system release. Alex Ionescu blogged about how those Protected Processes could be used beyond their intended place in Vista's Protected Media Path:
Unfortunately, it is trivial to make a process protected or unprotected by bypassing all the Code Integrity checks and sandbox in which protected processes are supposed to run. I wrote a small application which I called D-Pin Purr which does exactly this. I tried it on the only two protected processes I know on Vista (audiodg.exe and mfpmp.exe). While ProcessXP usually shows only limited information for them, after using my tool, I could see all the information.
The interesting thing is that I can make any application of my choosing protected, and thus undebuggable, uninjectable and with its address space secure.
If this can be effected by an exploit, and that is a big if considering the new security in Vista, it seems a multimedia file could be the vehicle to deliver something malicious and difficult to remove.
---
Tags: Computer, Security, Trojan, Vista, Malware
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.