New Malware Campaign
A new malware campaign is making the rounds of the Internet, taking advantage of curiosity and sympathy surrounding the passing of Beastie Boys’ Adam Yauch (a.k.a. MCA).
Trend Micro said the attack appeared to target specific recipients, using a news item about Yauch’s death as a social engineering lure.
“We have found an email sample that leverages Yauch’s death to entice users to download and open the malicious attachment. The message appears as a news item from a non-profit organization that features the late musician’s recent passing,” it said.
It said the email contains a .DOC file attachment, which is supposed to contain the complete story.
But users who download and open the .DOC attachment are actually executing malware detected by Trend Micro as TROJ_DROPPR.JET.
“This Trojan file drops another malicious file, detected as TROJ_SWYSYN.SME, that connects to possibly malicious URLs,” Trend Micro said.
Online ads serving malware
One of the sneakiest scams among cybercrooks these days involves malicious advertisements that can infect a computer with nasty software even if a person merely happens onto a website where the ads appear and doesn’t click on them.
The sinister ad software, called “malvertisements,” can steal bank account passwords, disable computers or cause other mischief, and has claimed millions of victims. And some experts fear worse problems may be ahead.
“What we are seeing today is the canary in the mine,” said Craig Spiezle, executive director of the nonprofit Online Trust Alliance, which seeks to bolster consumer confidence in cyberspace. “It’s an early warning and if we don’t do more to secure the ad infrastructure, we run the risk of having much broader distribution of malware than we have today.”
Phony Flash Player
Adobe Flash Player users beware: A website that promises visitors a free download of the player for all versions of Android is reportedly planting malware on smartphones running Google’s mobile operating system.
The infected web page used to distribute the malware was discovered on a number of Russian domains, wrote Karla Agregado, a fraud analyst with Trend Micro, in a recent company blog post. A similar tactic emerged last month to infect Android phones with bogus copies of Angry Birds and Instagram.
When a visitor clicks the download button at the infected site, Agregado explained, a connection is made to another site that, without the guest’s knowledge, sends a malicious APK file to the mobile web surfer’s smartphone.
Once on the phone, the malware starts to secretly send text messages to premium numbers. This scam is a popular one among cyber criminals targeting Android phones.
Amnesty International targeted by malware
People visiting Amnesty.org.uk on Wednesday and Thursday were exposed to malicious code that exploited a now-patched vulnerability in Oracle’s Java software framework, according to a blog post published Friday by Websense. End users who hadn’t yet applied the patch were infected with Gh0stRat, a family of malware that siphons sensitive data from victims’ machines and can also operate Web cams and microphones in real time. The trojan came to light in 2009 when researchers reported that it infiltrated government and private offices in 103 countries. That included computers belonging to the Dalai Lama.
The Java vulnerability targeted on the Amnesty International site has been used in the past to install malware on computers running both Microsoft Windows and Apple’s OS X. Recently, similar espionage attacks have migrated to OS X, and the Flashback malware attack, believed to have infected more than 500,000 Macs, targeted the same bug. Based on the Websense post, however, it appears this week’s attacks infected only Windows users.