The trend of exploiting current news events to deliver malware continues to push the boundaries of decency. It's not very often we are taken aback by malware distribution methods, but the recent vulture-like exploitation of the Air France disaster and the deaths of Michael Jackson and Farrah Fawcett really is plumbing the depths of social engineering techniques.
Massively Multiplayer Online Role-Playing Games (MMORPGs) have become a massive industry over the last decade. World of Warcraft alone has approximately 10 million active users. (1) That's more than Sweden's total population! A lot of users and money involved means that malware writers have a good opportunity to earn some "easy cash".
The recent extensive media coverage of the Conficker worm (see previous blog post) has also attracted the creators of rogue anti-malware software. Pages that claim to show how to get rid of this pest have been hijacked by fake scanners that promote rogue software. Another tactic has been to create pages that offer a product, claiming it will remove Conficker. An example is shown below.
Win32.Worm.Waledac spreads itself using Valentine's Day "advertising" as the distribution method. It can be found on a website full of hearts with the text "Guess, which one is for you?", as picture 1 shows.
The business-oriented social networking site, LinkedIn, has had a recent bout with malware, as you may have seen by all of the buzz this week in the news headlines. As most of you who use them know, social networking sites, while having many advantages to users, have long been targeted by socially engineered scams - meaning you need to take care when roaming around on these types of sites.
Microsoft is releasing another "out of band" update tomorrow. This update is to fix a recently discovered 0-day vulnerability, in Internet Explorer 7, that is actively being exploited.
More information about the vulnerability can be found at http://www.microsoft.com/technet/security/advisory/961051.mspx
Recently we came across this rogue, Antivirus Plus. What makes this one different from others is that it was distributed directly as a fake video codec. They have now removed the fake alert step in between.
Have you made any recent purchases to be delivered by the postal service? With the holiday season upon us, chances are good that you have. If so, there's a common spam scam that may try to catch you off guard in order to infect your system with malware. Here's an example of a subject line and e-mail message to be on the lookout for this holiday shopping season, and beyond ...
It's not often that Microsoft breaks their update cycle to release a patch but when they do it's generally a good idea to get that patch installed or face infection.
An update to yesterday's post.
IP: 77.91.231.201
wplayerware.com
IP: 77.91.231.183
trustedware.com