Monday, November 19, 2007

Trojan Drives Fictitious Auctions

Dan Goodin of The Register describes a sophisticated web of Trojans targeting eBay Motors users that "trick victims into making pricey fraudulent purchases". Goodin reports:
The Trojan arrives in an email responding to a user's query about a vehicle listing and is disguised as pictures. Once installed, it uses the victim's IP address to make an educated guess about where the victim is located. Armed with that information, scammers say the vehicle is stored somewhere far enough away that it's impractical for the buyer to travel to.
These Trojans mimic real automotive sites, including Carfax and eBay Motors, complete with faked bidding.

Private Detective Scare is Storm Trojan

A Trojan is being sent by email that claims the recipient is being spied on and that the password-protected .rar attachment is the proof: a recording of a previously captured telephone conversation. The .rar contains an executable that masquerades as an MP3 music file. In reality the file is a disguised variant of the Zhelatin family of malware (commonly referred to as the "Storm worm").
The email message body sent by this variant of Zhelatin appears as follows:
I am working in a private detective agency. I can't say my name. I'm warning you that I'm going to overhear your telephone line. Do you want to know who paid for shadowing you? Wait for my next message.
P.S. Of course, you don't believe me. But I think that the record of your yesterday's telephone conversation will change your point. The record is in archive. The password is 123qwe
According to PC Tools ThreatExpert, this latest variant creates a file named "kernelwind32.exe" in the Windows system folder (usually C:\Windows\System32). The registry is modified to load this copy when Windows starts, as follows:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run System = "\kernelwind32.exe"
A file named "kernelw.sys" is also dropped into the Windows system folder. This file is a kernel-mode rootkit that hides itself and the other files and processes associated with the infection. The Trojan also modifies the registry to prevent access to the Windows Task Manager.
Rootkit-enabled malware is extremely common these days. To bolster your virus protection, use one or more free rootkit detectors to scan your system, and remember that a scan run from inside the running, possibly infected, Windows installation can miss exactly the files the rootkit is hiding.
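The indicators quoted above can be turned into a quick host triage script. The following is an added example, not code from the post or from ThreatExpert: it flags Run-key entries that use the "System" value name, the kernelwind32.exe or kernelw.sys file names, or a command not anchored to a drive (the "\kernelwind32.exe" form shown above), and lists which of the two files are present in the system folder. The DisableTaskMgr policy value it reads on a live host is an assumption, since the post does not say which registry change blocks Task Manager. The scanning functions run on any platform against the constructed sample; the live registry and file checks need Windows. Because kernelw.sys hides its own files from the running system, an empty result there clears nothing: run the file check against a disk mounted from clean boot media.

```python
"""Triage checks for the Storm/Zhelatin indicators described above.

Added example; the indicator values come from the post, the DisableTaskMgr
check is an assumption about how Task Manager is blocked.
"""
import os
import re
import sys

RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
IOC_RUN_VALUE = "system"                         # Run value name the dropper uses
IOC_FILES = {"kernelwind32.exe", "kernelw.sys"}  # dropped into %SystemRoot%\System32
# Assumption: the post only says Task Manager is blocked through the registry;
# the DisableTaskMgr policy value is the usual mechanism and is what main() reads.
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\System"

# A Run command normally starts with a drive letter, a UNC path or an
# environment variable; "\kernelwind32.exe" does none of these.
_ANCHORED = re.compile(r"^(?:[a-z]:\\|\\\\|%[^%]+%)", re.IGNORECASE)


def _target(cmd):
    """Executable path of a Run-key command: the quoted part or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def scan_run_entries(entries):
    """entries: iterable of (value_name, command) pairs read from a Run key.

    Returns [(value_name, command, [reasons])] for entries that match the
    indicators in the post or use an unanchored path.
    """
    hits = []
    for name, cmd in entries:
        target = _target(cmd)
        base = target.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if base in IOC_FILES:
            reasons.append("known Storm/Zhelatin file name")
        if name.lower() == IOC_RUN_VALUE:
            reasons.append("value name 'System' used by the dropper")
        if target and not _ANCHORED.match(target):
            reasons.append("path not anchored to a drive, share or environment variable")
        if reasons:
            hits.append((name, cmd, reasons))
    return hits


def check_system_dir(system_dir, listdir=os.listdir):
    """Return the indicator file names present in system_dir.

    The kernelw.sys rootkit hides these files from the running system, so an
    empty result on a live host proves nothing; point this at a disk mounted
    from clean boot media. listdir is injectable so the logic can be tested.
    """
    try:
        present = {f.lower() for f in listdir(system_dir)}
    except OSError:
        return []
    return sorted(IOC_FILES & present)


# Constructed sample of Run-key values, not a dump from a real host.
SAMPLE_RUN_ENTRIES = [
    ("SecurityHealth", r"C:\Windows\system32\SecurityHealthSystray.exe"),
    ("System", r"\kernelwind32.exe"),
    ("Updater", r"%APPDATA%\updater.exe"),
]


def main():
    if sys.platform != "win32":
        # Off Windows: demonstrate the matcher on the constructed sample only.
        for name, cmd, reasons in scan_run_entries(SAMPLE_RUN_ENTRIES):
            print(f"RUN  {name} = {cmd}: {'; '.join(reasons)}")
        return 0
    import winreg
    entries, i = [], 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:          # no more values
                break
            entries.append((name, str(data)))
            i += 1
    for name, cmd, reasons in scan_run_entries(entries):
        print(f"RUN  {name} = {cmd}: {'; '.join(reasons)}")
    system_dir = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "System32")
    for f in check_system_dir(system_dir):
        print(f"FILE {os.path.join(system_dir, f)} present")
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value, _ = winreg.QueryValueEx(key, "DisableTaskMgr")
        except OSError:              # key or value absent
            continue
        if value:
            print(f"REG  {label}\\{POLICY_KEY}\\DisableTaskMgr = {value} (Task Manager blocked)")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

A hit on the value name or the unanchored path alone is weak evidence; a hit on the file name, or the file turning up on an offline-mounted disk when the live system does not show it, is what confirms the infection the post describes.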

Anti Virus Information

A virus is a program that copies itself to "infect" other computers without the user's intervention; its payload can delete files, corrupt the system or leave a machine that has to be reformatted. With 10 to 15 new viruses discovered per day the threat keeps growing; at the time of writing the antivirus firm McAfee put the number of known virus threats at more than 58,000.
Viruses can spread via any transferable medium: floppy disks, CDs, email attachments or material downloaded from the Web. The most common vector is an email attachment which, when opened, activates the virus and infects the computer. Viruses are often programmed to propagate by emailing a copy of themselves to every address in the infected computer's address book.
How to avoid getting a virus
The best way to avoid getting a computer virus is to verify, before opening any file, that:
The file is virus-free. Check it with reputable, up-to-date antivirus software such as AVG Anti-Virus.
The sender is a trusted source who can confirm that they sent you the attachment. A familiar sender address on its own is not enough: the address is easily forged, and a virus mails itself out from an infected friend's address book.
The file type is not suspicious. Commonly dangerous extensions are .exe, .vbs, .scr and .pif. Windows hides known extensions by default, so a file named photo.jpg.exe is displayed as photo.jpg; turn that option off or inspect the full name.
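The extension check above, and the two lures earlier on this page (an executable "disguised as pictures" and one that "masquerades as an MP3 music file"), come down to one question: does the name's claimed type match the bytes? The following is an added example, not code from the post: it reads well-known file signatures, splits the name into all its extensions so double extensions and space-padded names are caught, and returns a verdict. The DANGEROUS_EXT set starts from the four extensions the post lists and adds a few other Windows-executable types; the attachments it runs over are constructed byte strings, not real malware.

```python
"""Attachment triage: does the name's claimed type match the content?

Added example. Signatures are the standard magic values; samples are
constructed byte strings standing in for attachments.
"""

# Extensions the post calls dangerous, plus further Windows-executable types
# added here (.com, .bat, .cmd, .js, .lnk).
DANGEROUS_EXT = {".exe", ".vbs", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".lnk"}

# Content type each extension claims, for the types the sniffer recognises.
CLAIMED = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif",
           ".mp3": "mp3", ".rar": "rar", ".exe": "pe", ".scr": "pe"}


def sniff(data):
    """Identify content from its leading bytes using well-known signatures."""
    if data[:2] == b"MZ":
        return "pe"                       # DOS/Windows PE executable
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    if data[:8] == b"\x89PNG\r\n\x1a\n":
        return "png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:6] == b"Rar!\x1a\x07":
        return "rar"                      # RAR 4.x or 5.x archive
    if data[:3] == b"ID3" or (len(data) >= 2 and data[0] == 0xFF and data[1] & 0xE0 == 0xE0):
        return "mp3"                      # ID3 tag or MPEG audio frame sync
    return "unknown"


def extensions(filename):
    """All extensions in the name, lower-cased, padding spaces stripped,
    so 'record.mp3                .scr' yields ['.mp3', '.scr']."""
    parts = filename.lower().split(".")
    return ["." + p.strip() for p in parts[1:]]


def classify(filename, data):
    """Return (verdict, reasons); verdict is 'block', 'suspicious' or 'ok'.

    Only the final extension decides what Windows runs, so that is what is
    compared against the sniffed content.
    """
    exts = extensions(filename)
    final = exts[-1] if exts else ""
    kind = sniff(data)
    reasons = []
    if final in DANGEROUS_EXT:
        reasons.append(f"final extension {final} runs as code")
        if len(exts) > 1:
            reasons.append(f"double extension {''.join(exts)} hides {final} when Explorer hides known extensions")
    if kind == "pe" and final not in DANGEROUS_EXT:
        reasons.append(f"content is a Windows executable (MZ header) but the name claims {final or 'no extension'}")
    elif kind not in ("pe", "unknown") and final in CLAIMED and CLAIMED[final] != kind:
        reasons.append(f"content is {kind} but the name claims {CLAIMED[final]}")
    if kind == "pe" or final in DANGEROUS_EXT:
        verdict = "block"
    elif reasons:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return verdict, reasons


# Constructed attachments: real signatures, fake bodies, no actual malware.
SAMPLES = {
    "car_pictures.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",      # genuine JPEG
    "car_pictures.jpg.exe": b"MZ\x90\x00\x03\x00\x00\x00",        # "pictures" lure
    "record.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",             # genuine MP3
    "record.mp3                .scr": b"MZ\x90\x00\x03\x00\x00\x00",
    "telephone_record.mp3": b"MZ\x90\x00\x03\x00\x00\x00",        # exe named as MP3
    "proof.rar": b"Rar!\x1a\x07\x00",                             # the archive wrapper
}


def triage(samples=SAMPLES):
    """Classify every sample; returns {name: (verdict, reasons)}."""
    return {name: classify(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (verdict, reasons) in triage().items():
        print(f"{verdict:10} {name!r}" + (": " + "; ".join(reasons) if reasons else ""))
```

Note what the archive case shows: proof.rar passes as "ok" because a password-protected archive cannot be inspected, which is exactly why the Storm mail uses one. The check has to be repeated on the extracted file, where the MZ header gives the "MP3" away regardless of what the name says.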
What if you believe you already have a virus?
If you believe your computer has already been infected, run a free online virus check: select the location you are connecting to the Internet from, accept the Trend Micro download, and let it scan the system.