Malware gives you a lot of love, or not?

June 3, 2008 Leave a Comment

Quite some “love” related messages are present in our global message logs. There is a malware outbreak going on at the moment and some campaigns are related to “love”.

The messages are simple, have subjects like “Lost In Love”, “I belong to you”, “All I need is You” and contain a romantic image. This malware site drops a Storm worm variant known as Zhelatin or Nuwar on your desktop.

A variant on this is where the spam message contains “I love you so much! http://xxx.xxx.xxx.xxx/”. The URL allows for a direct IP based connection to a server that is hosting the malware.

Another “love” campaign has the subject “Paris Hilton loves you too” and contains “You now know the importance of an increased length” in the body a link to a web site to increase your… Think you’ll get the idea? Okay then.

Not “love” related but potential dangerous mailware are the messages with the subject “Your video file e.vanherck”. The subject contains the user part of an email address. The URL allows you to download the video.exe, the Trojan-Downloader.Win32.Exchanger.cq. A regular client in the malware world.

 

Filed under Uncategorized Tagged with , , ,

A solution for the spoofed URLs from Google and DoubleClick

June 3, 2008 Leave a Comment

According to CNet, Google will tackle two serious issues. A cross-site scripting issue on the login page of the communication platform Grand Central but more important, well if you receive this type of spam, is the URL spoofing technique that spammers use.

On this blog I have posted, in May, an article about that also DoublClick URLs are being used in spam like Google. As a result, email users click on the URL that appears to direct you to Google.com but instead redirects you to a potential malicious site or an web site advertised by the spammer like an online pharmacy.

“Open URL redirection is an issue we take very seriously. As we become aware of open URL redirectors on google.com, we actively work to close them. We are also aware of redirectors using doubleclick.com and are working to address this issue,” the Google spokesman said.

This sound great. Now it is time for the spammer to develop a new technique. Fingers crossed.

Filed under Spam Tagged with , , , , ,

Follow

Get every new post delivered to your Inbox.

Join 109 other followers