4 July 2007
Ecard storm brews up a less than happy Fourth of July
Independence Day malware attack strikes via email greetings
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned of a widespread email spam campaign that poses as a 4th July greeting card, but is really an attempt to lure innocent computer users into being infected by a Trojan horse and attacked by hackers.
The emails, which are being seen in inboxes worldwide, claim that the recipient has been sent an ecard greeting by a friend and tell the user to click on a link to view the card.

The emails pretend to be electronic Fourth of July greeting cards.
Subject lines used in the malicious spam campaign include:
- American Pride, On The 4th
- America's 231st Birthday
- Americas B-Day
- America the Beautiful
- Celebrate Your Independence
- Celebrate Your Nation
- Fireworks on The 4th
- Fourth of July Party
- God Bless America
- Happy 4th of July
- Happy B-Day USA
- Happy Birthday America
- Happy Fourth of July
- Independence Day At The Park
- Independence Day Celebration
- Independence Day Party
- July 4th B-B-Q Party
- July 4th Family Day
- July 4th Fireworks Show
- Your Nations Birthday
Clicking on the link contained inside the email, which is in the form of a numeric IP address, takes surfers to a compromised zombie computer hosting the Troj/JSEcard-A Trojan horse. The Trojan horse then tries to download additional code from the internet which Sophos intercepts as Mal/Dorf-C.
"Cybercriminals have no qualms about taking advantage of celebrations like 4th July to infect innocent people's computers, and potentially steal their identities. This isn't just an American problem - these kinds of attacks strike around the world, and are designed to abuse PCs around the globe," said Graham Cluley, senior technology consultant at Sophos. "People regularly send egreetings to friends and colleagues, so it is important that everyone is on their guard against these kinds of attacks and ensures their computers are properly defended."

The July 4th spam emails are sent from compromised computers around the world. This image shows a snapshot of PCs in the USA that relayed the spam during a window of just a couple of seconds. IP addresses have been blanked out.
"Rather than being sent to a real ecard website when you click on the link, you are visiting someone else's compromised computer, which is hosting malicious code designed to infect your Windows PC. It is these same computers, based all around the world, which are spewing out spam," continued Cluley. "Web links which use IP addresses are a set of four numbers in the format xxx.xxx.xxx.xxx. A real ecard company is unlikely to send you emails which use links like that, so that should set alarm bells ringing instantly."
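The two indicators this article gives, the campaign's subject lines and Cluley's point about links whose host is a bare xxx.xxx.xxx.xxx address, can be turned into a simple mail-filter check. The code below is an added example, not Sophos code; the sample message, the example.com addresses and the 192.0.2.45 host are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Subject lines Sophos reported for this campaign (taken from the article above).
CAMPAIGN_SUBJECTS = {s.casefold() for s in (
    "American Pride, On The 4th", "America's 231st Birthday", "Americas B-Day",
    "America the Beautiful", "Celebrate Your Independence", "Celebrate Your Nation",
    "Fireworks on The 4th", "Fourth of July Party", "God Bless America", "Happy 4th of July",
    "Happy B-Day USA", "Happy Birthday America", "Happy Fourth of July",
    "Independence Day At The Park", "Independence Day Celebration", "Independence Day Party",
    "July 4th B-B-Q Party", "July 4th Family Day", "July 4th Fireworks Show",
    "Your Nations Birthday")}

# An http(s) link whose host is a bare dotted quad (xxx.xxx.xxx.xxx) rather than a hostname.
_IP_URL = re.compile(r"https?://(\d{1,3}(?:\.\d{1,3}){3})(?![.\w])", re.I)

def ip_hosted_links(body: str) -> list:
    """Literal IPv4 hosts linked from the body; 999.1.1.1-style non-addresses are skipped."""
    hosts = []
    for match in _IP_URL.finditer(body):
        try:
            hosts.append(str(ipaddress.IPv4Address(match.group(1))))
        except ipaddress.AddressValueError:
            continue
    return hosts

def classify(raw_email: str) -> dict:
    """Score a message on the article's two indicators: campaign subject and bare-IP link."""
    msg = message_from_string(raw_email)
    subject = (msg.get("Subject") or "").strip()
    body = "" if msg.is_multipart() else msg.get_payload()
    links = ip_hosted_links(body)
    subject_hit = subject.casefold() in CAMPAIGN_SUBJECTS
    if links and subject_hit:
        verdict = "likely-campaign"  # both indicators present
    elif links:
        verdict = "suspicious"       # the IP-hosted link alone is the red flag
    else:
        verdict = "clean"
    return {"subject_match": subject_hit, "ip_links": links, "verdict": verdict}

# Constructed sample message (not a real capture); 192.0.2.0/24 is a documentation range.
SPAM_SAMPLE = """Subject: Happy 4th of July

You have received a greeting card from a friend! View it at http://192.0.2.45/
"""

if __name__ == "__main__":
    print(classify(SPAM_SAMPLE))  # verdict: likely-campaign, ip_links: ['192.0.2.45']
```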
Sophos has been protecting customers against the JSEcard-A Trojan horse since 29 June 2007, and the Mal/Dorf-C Trojan since 16:01 GMT on 3 July 2007.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution to defend against malware, spyware, hackers and spam.
See also:
- Trojan spam storm hits inboxes, races to top of malware charts
- Storm Trojan's second wave arrives like a missile
- After stormy start, worm turns to love in major new attack