Experts at SophosLabs™ have warned that
hackers are stealing the tricks used by image spammers to infect
computer users with malicious code.
Experts based in Sydney, one of Sophos's global network of
virus, spyware and spam analysis centers, have discovered email
messages are being sent to Australian computer users claiming to
come from a young woman visiting the country. Unusually, the
malicious emails contain no text, but an embedded graphical image
telling users to visit a website.
Part of the text in the image reads:
Hi, My name is Vicky Willington, I'm just a college girl who
just arrived in Australia and looking for a sex partner. All what I
need is a good man, you must be serious and honest, let me know if
you wish to meet.
You may see my pics at my web page: <url removed>
The email message consists of an image,
directing users to a malicious website.
The website referred to in the email contains a soft porn image
and a link to the Troj/Dloadr-AMA Trojan
horse.
"This malware attack is particularly interesting because it
borrows techniques commonly used by spammers. The message body is
image only - whereas Trojans are more commonly distributed as text
only or text with embedded images," said Graham Cluley, senior
technology consultant at Sophos. "The image in the email contains
random noise to sidestep signature-based detection - a technique
normally seen in medical or stock spam campaigns. Also, the subject
matter is similar to 'pretty
girl' spam campaigns that we see - but normally they send text
spam rather than image spam, and urge the recipient to reply via
email rather than visit a website."
Throughout 2006, Sophos experts have reported a rise in spam
containing embedded images, which has climbed sharply from 18.2
percent in January to over 35 percent today. By using images
instead of text, messages are able to avoid detection by some
anti-spam filters that rely on the analysis of textual spam
content.
Sophos experts note that the emails do not contain a hyperlink
to the malicious website, but require the user to type in the URL
by hand.
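As an added illustration (not Sophos's code and not part of the original release), the following gateway-side heuristic flags the message shape described above: at least one image, almost no visible text, and no URL in any text part. The sample messages, the function names `summarize`, `is_image_only` and `build`, and the 20-character threshold are assumptions constructed for this example.

```python
import re
from email import message_from_string, policy
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def summarize(raw):
    """Count image parts, visible text characters and URLs in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    images, raw_text, visible = 0, [], []
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            raw_text.append(body)  # keep markup so href/src URLs are still seen
            if part.get_content_subtype() == "html":
                body = TAG_RE.sub(" ", body)  # crude tag strip, enough for a heuristic
            visible.append(body)
    text = " ".join(" ".join(visible).split())
    urls = URL_RE.findall(" ".join(raw_text))
    return {"images": images, "text_chars": len(text), "urls": len(urls)}

def is_image_only(raw, max_text_chars=20):
    """True when the message carries an image but (almost) no text and no link."""
    s = summarize(raw)
    return s["images"] >= 1 and s["text_chars"] <= max_text_chars and s["urls"] == 0

def build(text_part, subtype):
    """Constructed sample: one text part plus one placeholder GIF."""
    msg = MIMEMultipart("related")
    msg["Subject"] = "constructed sample"
    msg.attach(MIMEText(text_part, subtype))
    msg.attach(MIMEImage(b"GIF89a" + b"\x00" * 16, _subtype="gif"))
    return msg.as_string()

# Constructed inputs, not real traffic.
IMAGE_ONLY = build('<html><body><img src="cid:pic1"></body></html>', "html")
NORMAL = build("Hi team, the draft agenda is at https://intranet.example/agenda", "plain")

if __name__ == "__main__":
    for name, raw in (("image-only", IMAGE_ONLY), ("normal", NORMAL)):
        print(name, summarize(raw), "flag" if is_image_only(raw) else "pass")
```

A hit is best treated as one scoring signal rather than a verdict, since legitimate image-only mail also exists.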
"Because these emails solely consist of a graphical image there
is no link for the user to click on," explained Cluley. "You can't
visit this website by accident, you have to want to find out more
about Vicky and enter the website url manually. Some might believe
that those foolhardy enough to look for a sex partner on the web
get everything they deserve. The best defense remains to protect
yourself with up-to-date security products and a healthy dose of
skepticism about unsolicited email."
Sophos's anti-virus products were automatically updated to
protect against the Troj/Dloadr-AMA Trojan horse at 08:31 GMT on 23
August 2006.
Sophos recommends that companies protect their email gateways
with a consolidated solution to defend
against viruses, spyware and spam, as well as secure their desktop
and servers with automatically updated protection.