MX Logic

MX Logic » MX Logic IT Security Blog

04 May 2007

What a Wild, Wild April It's Been!

It's certainly been an April to remember in the email filtering world. We've seen a couple new things pop up over the course of this month:

-- Several Storm Worm Variants
-- New and Improved Image Spam! Now with Malware!

I've blogged previously about some of the Storm Worm variants that we had been seeing. There have actually been quite a few variants of the Storm Worm since we originally saw it back in January. The ones that seem to have had the most success are the ones that use effective social engineering tactics.

The original Storm Worm was named as such because one of its initial variants was propagated via email using a subject line of "230 dead as storm batters Europe." This was so successful because a serious storm was hitting parts of Europe at the time, causing a large amount of damage and loss of life. As such, people were interested in reading about it and watching the "video" that also came with the email. The only problem is that the video wasn't a video at all. Once it was opened, your machine was infected and used as a vehicle to send out more copies of the worm.

A variant that we saw this month took a bit of a different approach. It played on human emotion, using subject lines like "A Token of My Love", "I Love You With All I Am", and "A Rose For my Love" to get unsuspecting victims to open a "greeting card" attachment. Like the "video" in the previous example, there was no love to be found in this email. This variant was somewhat akin to the "I Love You" virus from back in May 2000, where messages with the subject line of "I love you" and a Visual Basic script attachment spread across the internet like wildfire. Funny how history repeats itself sometimes, eh?

A new variant of image spam is upon us as well. We are seeing image spam that now also includes links. These links, however, are taking users to malicious web sites where their PCs get infected with malware (mostly keyloggers), so that after you take advantage of the great stock tip (or even if you don't) the malware author can steal your login credentials for your bank or brokerage firm web site.

I guess it wasn't enough to just make their typical 5% return on a stock pump and dump. Why stop there when they can take every cent you have instead?

This all just goes to show that email as a malware distribution mechanism or as a vehicle to malicious web sites is still an effective tool and is not going away anytime soon.

Posted by smasiello at 12:34 PM
