The Statement of Fees malspam campaign continues today with additional messages containing new Trojans. This round is distributing the W32/Autorun.AFC.worm malware, which connects and downloads a file called lspr.exe.
This morning we detected another spam campaign with a very similar motivation to the MSNBC and CNN spam attacks that were detected recently. The vector for infection is a redirection to a phony video page. In this case the user is asked to download an update that appears to be a video codec, identified as installer.exe or better known as Trj/Exchanger. We expect that these types of attacks will evolve over time to become much more sophisticated.
A few minutes ago we discovered another spam campaign, this time offering an update to Microsoft Internet Explorer 7.0. What’s interesting about this particular message is that it appears to be in exactly the same format as the one used to distribute get_flash_update.exe, as seen in some attacks. The message comes from the address email@example.com so it appears to be. When you click on the link, an executable with the filename update.exe is downloaded (this is a downloader Trojan).
File size: 139776 bytes
PEInfo: PE Structure information (base data)
timedatestamp: 0x4898440b (Tue Aug 05 12:14:03 2008)
machinetype: 0x14c (I386)
Sections (3):

| name | viradd | virsiz | rawdsiz | ntrpy | md5 |
|---|---|---|---|---|---|
| .text | 0x1000 | 0x33d2c | 0x4a00 | 4.01 | 320f92325281cf38056300846e33e293 |
| DATA | 0x35000 | 0x1b020 | 0x1ae00 | 8.00 | b2da8ac3f7624aaec4e58820ca98f3d1 |
| .rsrc | 0x51000 | 0x1000 | 0x600 | 6.54 | 5a86ae6138955d3b751ed9ef76093acd |

Wireless networks and endpoints offer convenience and connectivity. Unless properly secured, they also offer a means of ingress into the network. This article will describe the vulnerabilities and strategies for mitigation as they pertain to protecting wireless point-of-sale systems.
In the wake of undiscovered data breaches and subsequent public exposure, hackers have begun to turn their eyes towards breaching wireless networks and taking advantage of their many weaknesses. Furthermore, we are seeing a trend towards stealing cardholder information from retailers through much-publicized breaches such as TJ Maxx and Hannaford Brothers. According to the 2008 Data Breach Investigations Report by the Verizon Business Risk Team, 84% of the data compromised in documented breaches pertained to cardholder information.