Personalized Spam May Lead To Infection



David Utter
Staff Writer
2007-07-27


Social engineering through data mining allows criminals to make their email come-ons look legitimate, but visiting included links could lead to a system being compromised.

Neither the approach nor the exploit being employed against spam recipients, such as the one a person at Symantec encountered, is anything new. What was new was the way the attack was set up: using someone's first and last name, and suggesting they had signed up for a certain website.

Researcher John McDonald said on Symantec's Security Response blog that the spam in question led to what appeared to be a legitimate site, based on its root domain. A visitor who followed the spam link and arrived at the purported login page would hit exploit code aimed at the Windows Media Player plugin:

The page contains shell code that downloads and runs an executable file which in turn drops other malware onto the computer. This malware is injected into the explorer.exe process and scans all directories and files on both the compromised computer and any networked computers. It lists them in a log file and attempts to upload the file to a remote server, which is different from the original one hosting the exploit code.

Interestingly the threat also attempts to upload a whole range of files from victim machines, including ones with extensions such as .exe, .mp3, .cab, .wav that may potentially include some very large files. It would probably be easy to notice the degradation in network performance as so many files were being uploaded.

Not only would the visiting PC get hit with malware, the infection would steal media and other files from the machine and send them along to a remote server. This activity would be noticed as network degradation took place.
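
The upload behaviour described above is something a defender can look for in egress logs. The following is an added example, not code from the article or from Symantec: it totals upload traffic per client and destination and flags pairs that send a large volume made up of the file types named in the quote. The log format, host names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Extensions the quoted Symantec description names as being uploaded.
BULKY_EXTS = (".exe", ".mp3", ".cab", ".wav")
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed sample lines in a hypothetical proxy log format:
# time  client  method  dest_host  uploaded_filename  bytes_sent
SAMPLE_LOG = """\
10:00:01 pc-17 POST files.example.net scan.log 48211
10:00:09 pc-17 POST files.example.net setup.exe 7340032
10:00:31 pc-17 POST files.example.net track01.mp3 5242880
10:01:02 pc-17 POST files.example.net drivers.cab 9437184
10:01:40 pc-17 POST files.example.net alert.wav 1048576
10:01:55 pc-04 GET www.example.org - 512
10:02:10 pc-04 POST mail.example.org form 2048
garbled line without enough fields
"""

def find_bulk_uploaders(log_text, min_bytes=10 * 1024 * 1024, min_bulky_files=3):
    """Return (client, dest, total_bytes, bulky_file_count) for suspicious pairs."""
    totals = defaultdict(lambda: [0, 0])  # (client, dest) -> [bytes, bulky files]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip malformed records rather than abort the run
        _, client, method, dest, name, sent = fields
        if method not in UPLOAD_METHODS:
            continue  # only outbound uploads matter for this check
        entry = totals[(client, dest)]
        entry[0] += int(sent)
        if name.lower().endswith(BULKY_EXTS):
            entry[1] += 1
    hits = [(c, d, b, n) for (c, d), (b, n) in totals.items()
            if b >= min_bytes and n >= min_bulky_files]
    # Largest senders first, so the noisiest host is triaged first.
    return sorted(hits, key=lambda h: h[2], reverse=True)

if __name__ == "__main__":
    for client, dest, sent, files in find_bulk_uploaders(SAMPLE_LOG):
        print(f"{client} -> {dest}: {sent} bytes, {files} bulky files uploaded")
```

The thresholds need tuning against a site's normal upload traffic; hosts that legitimately send large media files to a known service belong on an exclusion list.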

If you receive email welcoming you to a site you didn't sign up to join, use some extra caution. Discarding the email would be best, as you can always ask a legitimate site for password help.



About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
