Malware distributors incorporate well-known brands in their email spam to deliver dangerous programs to unwitting victims

15 July 2010
An ongoing campaign where malware distributors use email spam to deliver dangerous programs to unwitting victims has begun to change its tune, switching the scam to incorporate different brands. In the latest scam, the message appears to be an order confirmation from Amazon.com for the purchase of an expensive consumer electronics item, or a contract (spelled, tellingly, 'conract') for expensive home improvement work, purportedly to be done on the recipient’s home.

A few weeks ago, the emails switched from a “shipping confirmation” hook to one which claims the contents of the attachment include a code worth $50 on Apple’s iTunes online store.

For several months the spam messages have carried a .zip compressed attachment. The file inside the .zip, which is made to look like a Microsoft Word document, is a malicious program we classify under the definition Trojan-Downloader-Tacticlol.

Tacticlol (aka Oficla or Sasfis) is an extremely dangerous downloader, and the Web sites and domains from which it retrieves its payloads have been staying online longer than usual. Typically the download site is shut down within a few days, effectively neutralizing the downloader and preventing it from retrieving anything. Recent variants, however, have used Web domains that remain online for weeks or even months.

Malicious sites that remain active only increase the danger that someone who inadvertently opens the attachment a few weeks after the message arrives will still infect their computer.

In addition, the payloads delivered by the download site Tacticlol contacts are being rotated as the days go on. In the initial infection period, within about 36 hours after the spam messages arrive, the download sites deliver a number of different payloads, including the Trojan-Backdoor-Zbot keylogger, the Trojan-Pushu (aka Pushdo) spam bot, and rogue antivirus installers.

After a week, the payloads switch to the installers for botnets, which zombify the infected machines and turn them into longer-term hacker workhorses. Recent payloads have included a “dead man switch” which can render the infected computer unbootable.

You should always avoid opening any attachment that arrives through email unless you can confirm - by telephone, or some other method - that the attached document is legitimate and was deliberately sent to you. Also, train yourself to avoid opening any attachment with an .exe file extension, regardless of its appearance or origin.
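The attachment pattern described above (a .zip whose inner file looks like a Word document but is really an executable) can be screened automatically at a mail gateway. The following is an added example, not code from the original article: it inspects each member of a zip attachment for an executable extension hidden behind a document-looking name, and for a Windows PE header ("MZ") under a non-executable extension. The sample archive and its file names are constructed here for illustration.

```python
import io
import zipfile

# Extensions Windows will run directly when double-clicked.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document-looking extensions that the spam imitates ("order.doc.exe").
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".txt"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows executable


def inspect_zip_attachment(zip_bytes):
    """Return a list of (member name, reason) pairs for suspicious members."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.lower().rsplit(".", 2)
            ext = "." + parts[-1] if len(parts) > 1 else ""
            inner_ext = "." + parts[-2] if len(parts) > 2 else ""
            if ext in EXECUTABLE_EXTENSIONS:
                if inner_ext in DOCUMENT_EXTENSIONS:
                    findings.append((name, "document-looking name with executable extension"))
                else:
                    findings.append((name, "executable extension"))
                continue  # already flagged; no need to sniff the header
            # Name looks harmless: check the content instead of trusting the extension.
            with zf.open(info) as member:
                head = member.read(2)
            if head == PE_MAGIC:
                findings.append((name, "PE header under non-executable extension"))
    return findings


def build_sample_zip():
    """Constructed sample resembling the spam attachment (not a real malware sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Executable hiding behind a Word-looking double extension.
        zf.writestr("Amazon_order_details.doc.exe", b"MZ" + b"\x00" * 64)
        # Executable content under a plain .doc name (note the spam's 'conract' spelling).
        zf.writestr("conract.doc", b"MZ" + b"\x00" * 64)
        # Benign text file that should not be flagged.
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_zip_attachment(build_sample_zip()):
        print(f"BLOCK {member}: {reason}")
```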

 
