
Fake E-Gift Emails Pass Old Style Ircbot As Screensaver

Discussion in 'Security Updates' started by starbuck, Mar 2, 2011.

    A new spam campaign currently making the rounds produces emails that pose as e-gifts from friends, but in fact lead to an IRC-based trojan.

    The emails have spoofed headers to appear as originating from gifts@freeze.com and bear a subject of "You have received a gift from one of our members !"

    Freeze.com is a website offering desktop customization downloads such as screensavers, wallpapers, icons, sounds, mouse cursors and others.

    It might be possible that attackers have modified a legit email template used by the website and replaced the real link with a malicious one.

    The emails use a bit of social engineering to attract people's interest and convince them to click on the contained link. They read:

    "Hello friend ! You have just received a screensaver from someone who really cares about you! This is a part of the message:

    'Hi there! It has been a very long time since I haven’t heared anything from you! I hope you enjoy this gift from me that i’ve sent with love …

    'I’ve just found out about this service from Sharon, a friend of mine who also told me that…'
    If you’d like to see the rest of the message click here to receive your 3d live Dolphins."

    According to security researchers from Belgian email security provider MX Lab, the included link leads to a gift.pif file hosted on what is most likely a compromised website.

    The PIF format is not actually meant to contain executable code, but Windows treats it as such and because of this it has historically been abused to hide malware.

    Nevertheless, the method is not common anymore and neither is the malware enclosed within in this particular case, an IRCBot built using a mIRC installation preloaded with malicious scripts.

    Users are always advised to exercise extra caution when dealing with links in emails, even when they appear to originate from trusted sources. Having an up-to-date antivirus installed is also a must.



    Source:
    http://news.softpedia.com/news/Fake-E-Gift-Emails-Pass-Old-Style-IRCBot-as-Screensaver-187080.shtml
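
A mail-filter check for the delivery method described in this thread, as an added example that is not part of the original post or the Softpedia article: it parses a message and flags links whose path ends in a file type Windows runs as a program. The sample message is constructed, the host `compromised.example.invalid` is a placeholder, and the extensions beyond `.pif` are a generalization.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote
import posixpath

# .pif is the type used in this campaign; the rest are added as a generalization.
EXECUTABLE_EXTS = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd"}

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)

def executable_links(raw_message):
    """Return (url, extension) pairs for HTML links that point at executable file types."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        raw = part.get_payload(decode=True)
        html = raw.decode(part.get_content_charset() or "utf-8", "replace")
        collector = _LinkCollector()
        collector.feed(html)
        for url in collector.links:
            # Look only at the URL path (not host or query); Windows ignores trailing dots/spaces.
            path = unquote(urlsplit(url).path).rstrip(". ")
            ext = posixpath.splitext(path)[1].lower()
            if ext in EXECUTABLE_EXTS:
                hits.append((url, ext))
    return hits

# Constructed sample: From and Subject as quoted in the article, link host is a placeholder.
SAMPLE = """\
From: gifts@freeze.com
Subject: You have received a gift from one of our members !
Content-Type: text/html; charset="utf-8"

<p>If you'd like to see the rest of the message
<a href="http://compromised.example.invalid/gift.pif?id=1">click here</a>
to receive your 3d live Dolphins.</p>
"""

if __name__ == "__main__":
    print(executable_links(SAMPLE))
```

Because only the URL path is inspected, a plain link to a `.com` domain is not flagged, while `gift.pif` is flagged even with a query string or trailing dot appended.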
     
