Panda Security's malware analysis and detection lab, PandaLabs, has discovered a run of e-mails used to distribute the Agent.JEN Trojan, purporting to be sent by United Parcel Service (UPS), the package delivery firm.
The e-mail, marked "UPS packet N3621583925", told the recipient that a parcel could not be delivered and directed them to print the attached copy of the invoice.
The invoice is enclosed as a .zip attachment and contains an executable file disguised as a Microsoft Word document labeled "UPS_invoice". Running the file installs a copy of the Trojan on the victim's machine.
The malware then copies itself onto the computer, replacing the Windows file Userinit.exe, which launches Internet Explorer, the user interface and other required processes. The Trojan moves the original system file to a different location under the name userini.exe, so the system keeps working normally and the user has no reason to suspect an infection.
Agent.JEN then connects to a Russian domain (one also used by banker Trojans) and uses it to request downloads from a German domain: an adware program and a rootkit, identified by PandaLabs as Adware/AntivirusXP2008 and Rootkit/Agent.JEP. This further increases the damage done to the infected system.
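The lure here is an executable inside a .zip made to look like a Word document. The following is an added example of the kind of attachment check a mail gateway can run; it is not code from PandaLabs or UPS. The member name "UPS_invoice.doc.exe" and the two-byte "MZ" stub are constructed for the sample, not taken from the real campaign; Windows hides known extensions by default, so such a name would display as "UPS_invoice.doc".

```python
"""Inspect zip attachments for executables disguised as documents."""
import io
import zipfile

# Extensions Windows will execute when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions a recipient expects for an "invoice".
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".rtf", ".txt", ".xls"}


def _extensions(name):
    """All dotted suffixes of the file name, e.g. 'a.doc.exe' -> ['.doc', '.exe']."""
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    return ["." + p for p in parts[1:]]


def classify_member(name, head):
    """Return the reasons a zip member looks like a disguised executable."""
    reasons = []
    exts = _extensions(name)
    if exts and exts[-1] in EXECUTABLE_EXTENSIONS:
        reasons.append("executable extension " + exts[-1])
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS:
        reasons.append("document extension hidden before " + exts[-1])
    if head[:2] == b"MZ":  # DOS/PE header: the member is a Windows executable
        reasons.append("PE/MZ header")
        if exts and exts[-1] in DOCUMENT_EXTENSIONS:
            reasons.append("PE content under document extension")
    return reasons


def scan_zip_attachment(data):
    """Scan raw zip bytes; return {member_name: [reasons]} for suspicious members."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(2)  # only the magic bytes are needed
            reasons = classify_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample: a fake PE named like a Word invoice plus a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Constructed stub, not a real binary: just the MZ magic and padding.
        zf.writestr("UPS_invoice.doc.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip_attachment(build_sample_zip()).items():
        print(member, "->", ", ".join(why))
```

The check reads only the first two bytes of each member, so it is cheap enough to run on every inbound attachment; a gateway would quarantine any message with findings rather than rely on the recipient noticing the hidden extension.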
Dominic Hoskins, Country Manager of Panda Security in the UK, said that current malware schemes seek financial gain as quietly as possible, and that these attacks are a clear illustration of present malware dynamics, as reported by Hexus on July 15, 2008.
UPS has sent a formal e-mail alert to its customers about the threat. UPS says it is aware of a fraudulent e-mail in circulation that claims to come from UPS and tells the user a delivery could not be made. The company advised recipients not to open the attachment and to delete the message immediately, as reported by arstechnica on July 15, 2008.
Hackers are not attracted by recognition or infamy; they are interested in monetary gain in the stealthiest manner possible, said Luis Corrons, Technical Director at PandaLabs, as reported by marketwatch on July 15, 2008.
Source:
Study highlights Web threats
At the USENIX Security Symposium in San Jose on Wednesday, a Google researcher presented a study on the pervasiveness of drive-by-downloads on the Internet, and the findings were unsettling, to say the least. Over a 10-month period last year, researchers analyzed 66 million URLs and detected more than 3 million that tried to automatically install malware on a visitor’s computer. They also found that about 1.3 % of Google search queries returned at least one malicious URL.
“Our research has shown Web-based malware is a significant problem. … and there are no good proactive defenses against it,” said Niels Provos, senior staff software engineer in Google’s infrastructure group. The problem is so widespread that even cautious Web surfers can run into malware. While adult websites had twice as many drive-by-downloads, “regular Web users, even if they stay away from the dirty parts of the Internet, have a good chance of running into malicious sites,” he said.
The fundamental problem is insecure Web servers, Provos said. Attackers often inject new content into a compromised website and use invisible HTML components such as zero pixel IFrames to hide the content, according to the study. In most cases, the injected content redirects a website visitor to a remote site that hosts a script designed to exploit the browser. The researchers counted more than 9,000 malware distribution sites.
China is a big contributor to the problem, the study showed. Sixty-seven percent of all malware distribution sites were hosted in China; 64 % of sites that trigger drive-by-downloads were hosted in China.
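The injection technique the study describes, a zero-pixel or otherwise invisible IFrame that pulls in a remote exploit page, leaves a signature in the compromised site's HTML that a site owner or crawler can look for. The following is an added example of such a check, written for this page and not taken from Google's study; the sample page, the host names example.com and redirector.invalid, and the attribute thresholds are constructed assumptions.

```python
"""Flag hidden iframes of the kind used to redirect visitors to exploit sites."""
from html.parser import HTMLParser
from urllib.parse import urlparse


def _dimension_is_tiny(value):
    """True for width/height attributes of 0 or 1 pixel (invisible to the user)."""
    if value is None:
        return False
    digits = "".join(ch for ch in value.strip() if ch.isdigit() or ch == ".")
    try:
        return float(digits) <= 1
    except ValueError:
        return False


def _style_hides(style):
    """True when an inline style makes the element invisible."""
    s = (style or "").replace(" ", "").lower()
    return ("display:none" in s or "visibility:hidden" in s
            or "width:0" in s or "height:0" in s)


class HiddenIframeFinder(HTMLParser):
    """Collects (src, reasons) for every iframe that is hidden from the visitor."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        reasons = []
        if _dimension_is_tiny(a.get("width")) or _dimension_is_tiny(a.get("height")):
            reasons.append("zero-size attribute")
        if _style_hides(a.get("style")):
            reasons.append("hidden by inline style")
        if not reasons:
            return  # visible iframes (video embeds etc.) are not reported
        src = a.get("src") or ""
        src_host = (urlparse(src).hostname or "").lower()
        if src_host and src_host != self.page_host:
            reasons.append("loads off-site content from " + src_host)
        self.findings.append((src, reasons))


def find_hidden_iframes(html, page_host):
    """Parse a page and return the hidden iframes it contains."""
    parser = HiddenIframeFinder(page_host)
    parser.feed(html)
    return parser.findings


# Constructed sample: a legitimate embed and one injected zero-pixel redirector.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="http://example.com/video" width="640" height="360"></iframe>
<iframe src="http://redirector.invalid/x.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for src, why in find_hidden_iframes(SAMPLE_HTML, "example.com"):
        print(src, "->", ", ".join(why))
```

Because the injected content is the symptom rather than the cause, a hit should trigger a review of how the server was compromised; the study's point is that the insecure server, not the visitor, is where the problem starts.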
Source: feeds.feedburner.com
SIPC Alerts Investors of a Phishing Scam
The Securities Investor Protection Corporation (SIPC), which maintains the congressionally authorized special reserve fund that helps investors affected by failed brokerage firms, warned investors on July 21, 2008 of a new phishing scam that extracts confidential information as well as cash from unwary individuals.
SIPC officials said they are investigating fraudulent e-mails sent by a purported "senior investment advisor" who claims to be acting on behalf of a SIPC member. In reality, the person named in the message has no connection with the campaign, and the brokerage firm has no link to the fraudulent solicitation either. The message also claims that this brokerage firm, acting for SIPC, intends to return the targeted investor's funds, as reported by earthtimes on July 21, 2008.
The scam also involves a claim for an insurance investment supposedly made through the same brokerage firm. To obtain the information needed for the claim, the sender includes a fake SIPC "Beneficiary Information for Automatic Deposit of Payment" form that requests details with which funds can be withdrawn directly from the investor's account.
According to Stephen Harbeck, President of SIPC, the scheme is clearly a scam and is not connected with any real brokerage firm or its liquidation. The e-mail gives no address for correspondence and makes no reference to a failed brokerage firm. Nobody should hand over the personal information requested in this case without being absolutely sure of the sender's legitimacy, as reported by prnewswire on July 21, 2008.
Moreover, any investor who gets any such dubious e-mail fraudulently sent in SIPC's name is advised to forward it to SIPC.
Usually, investors who suspect identity theft involving a brokerage firm are directed to check the membership list on SIPC's website to see whether the firm is actually a SIPC member. In this case, however, the scammers have clearly stolen the identity of a genuine SIPC member.
Source:
‘Spam King’ Sentenced to Nearly Three Years in Jail
Robert Alan Soloway, whom investigators call the "Spam King", has been given a 47-month prison sentence after being charged with a number of offences.
According to investigators, Soloway ran Newport Internet Marketing Corp. in Seattle, which offered "broadcast e-mail" services. According to the government, Soloway sent massive numbers of spam e-mails promoting the service using forged and misleading headers.
In March 2008 Soloway admitted in court to e-mail fraud and to failing to file an income tax return.
Investigators also say Soloway used software called Dark Mailer to tap into botnets (networks of compromised PCs), which he used to send bulk anonymous e-mails. He also sent advertisements for his e-mail clients from legitimate e-mail addresses without informing their owners.
Soloway also violated the CAN-SPAM Act by using false headers in his spam. The software he used automatically replaced the recipient's name with Soloway's, so that the message appeared to have been sent by the recipient to himself or herself, or it used fake addresses in the 'sender' field. The aim of these tactics was to bypass any spam-blocking program on the victim's computer.
Federal prosecutors said that between November 2003 and May 2007, Soloway sent several million spam messages to promote his company, which offered software for sending broadcast e-mails.
He kept sending junk messages even after Microsoft won a $7 million civil suit against him in 2005, and even after a small ISP operator in Oklahoma won a similar $10 million suit.
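The header trick described above, forging the From address so the message looks self-addressed, is visible in the headers themselves. As an added example, not drawn from the case records or from any filtering product, the following Python check parses a message with the standard library and flags a From address that equals the To address, plus a Return-Path (envelope sender) whose domain differs from the From domain. The two messages and the addresses in them are constructed for the example.

```python
"""Flag messages whose sender headers look forged (self-addressed spam)."""
from email import message_from_string
from email.utils import parseaddr


def _addr(msg, header):
    """Bare lower-cased address from a header, or '' if absent."""
    return parseaddr(msg.get(header, ""))[1].lower()


def _domain(addr):
    return addr.rsplit("@", 1)[-1] if "@" in addr else ""


def check_forged_sender(raw_message):
    """Return the reasons the message's sender headers look forged (empty if none)."""
    msg = message_from_string(raw_message)
    sender = _addr(msg, "From")
    recipient = _addr(msg, "To")
    envelope = _addr(msg, "Return-Path")  # set by the receiving MTA from MAIL FROM
    reasons = []
    if sender and sender == recipient:
        reasons.append("From equals To (self-addressed)")
    if envelope and sender and _domain(envelope) != _domain(sender):
        reasons.append("Return-Path domain %s differs from From domain %s"
                       % (_domain(envelope), _domain(sender)))
    return reasons


# Constructed sample: the recipient's own address forged into From; the real
# envelope sender is an unrelated bulk-mailing host.
SELF_ADDRESSED_SPAM = """Return-Path: <bounce@bulk-sender.invalid>
From: alice@example.com
To: alice@example.com
Subject: Broadcast e-mail services

Send a million messages today.
"""

# Constructed sample of ordinary mail for comparison.
LEGITIMATE_MAIL = """Return-Path: <bob@example.org>
From: Bob <bob@example.org>
To: alice@example.com
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("spam", SELF_ADDRESSED_SPAM), ("legit", LEGITIMATE_MAIL)):
        print(label, "->", check_forged_sender(raw) or ["no findings"])
```

This is a heuristic, not proof: a user can legitimately mail themselves, and mailing lists rewrite envelope senders. It is the sort of rule a spam filter of that era stacked with others, which is exactly why the forged headers were chosen to evade them.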
Soloway said that he was fully responsible for sending the large volume of spam, as reported by komonews on July 22, 2008. He said he would neither claim that he was innocent nor say that the government had made a mistake. He added that it was entirely his responsibility and that what he did fell short of the right course of action.
Apart from serving the 47-month sentence, Soloway has also been ordered to pay $700,004 in compensation for the ill-gotten gains from his long-running spam operation.
Source: