Security

There is a Lot of Spam Out There…

Published: April 10, 2010 Reading Time: 3 min

…and some of it masquerades as “marketing” and “newsletter” emails. In March 2010, spam continued to account for a high percentage of all email traffic, peaking at 93.6% of all messages. The majority of this spam email was sent using certain tactics that were deployed to hijack unsecured computers and hide the senders’ identity. Recently, however, there has been an uptick in spam “marketing” and “newsletter” emails. These spam marketing and newsletter emails share one significant commonality with “regular” spam emails, which is that they are unwanted email messages sent to individuals who have no formal relationship with the message sender. ...


Singer's Exploit Kit version CVE-2010-0806

Published: April 9, 2010 Reading Time: 1 min

Well, well… looks like someone has been singing along to one of Jay Chow’s songs while coding an exploit that corresponds to a vulnerability in Internet Explorer, which was addressed in Microsoft Security Bulletin MS10-018. The exploit that targets the Peer Object component (iepeers.dll) in IE has been found in the wild, and today it was detected while attempting to exploit the client browser. After decoding from a shellcode, it will download the payload and will be detected as Trojan:W32/KillAV.LD. ...


Trojanised Mobile Phone Game Makes Expensive Phone Calls

Published: April 9, 2010 Reading Time: 1 min

We have received reports of a malicious Windows Mobile game that creates significant phone bills for affected users. The game in question is called 3D Anti-terrorist action, and it’s manufactured by Beijing Huike Technology in China. The game itself is a 3D first-person shooter. Apparently some Russian malware author took the game and trojanized it. Then he uploaded the trojanized version to several Windows Mobile freeware download sites. ...


Don't tell spammers that you're on vacation

Published: April 9, 2010 Reading Time: 3 min

Microsoft has made the right decision to temporarily turn off Hotmail’s vacation (e.g., out-of-office) reply feature. Flip the switch off permanently, I say. “In our fight against spam, we sometimes have to make hard choices, and we had to make one this week. We discovered that spammers were using Hotmail’s automatic vacation reply feature to send spam from their Hotmail accounts,” Krish Vitaldevara, Windows Live Hotmail lead program manager, blogged late yesterday. I missed the post because of Apple’s iPhone OS 4 launch. I spotted the announcement first at LiveSide about an hour ago. ...


Iowa bank compromised, serving exploits

Published: April 9, 2010 Reading Time: 1 min

Northwestern Bank Online – Orange City is compromised and should not be visited until it’s clean. Embedded in the site is a malicious iframe, as you can see in this screen shot: (Testing the site with Wepawet doesn’t work, since it chokes on the JavaScript emulation. However, the iframe is malicious.)


Adobe Patch Tuesday news: auto updater coming

Published: April 9, 2010 Reading Time: 1 min

Adobe has announced that it will release an updater along with Adobe Reader and Acrobat versions 9.3.2 and 8.2.2 on patch Tuesday next week. On the Adobe blog, Steve Gottwals wrote: “…we have been testing a new updater technology with select beta customers since our October 13, 2009 quarterly update. The purpose of the new updater is to keep end-users up-to-date in a much more streamlined and automated way. “During our quarterly update on January 12, 2010, and then again for an out-of-cycle update on February 16, 2010, we exercised the new updater with our beta testers. This allowed us to test a variety of network configurations encountered on the Internet in order to ensure a robust update experience. That beta process has been a successful one, and we’ve incorporated several positive changes to the end-user experience and system operation. Now, we’re ready for the next phase of deployment.” ...


Election results? Our survey says…

Published: April 9, 2010 Reading Time: 1 min

…”click here to view”. Yes, it seems almost anything is a target for money-generating survey spam. In this case, we start with a YouTube video: And we finish with this: Even better, these “fill in a survey to see the content” websites now pop up an additional message as you try to leave the page: “Help keep this content free. Please take one minute to complete a SPAM-free market research survey to gain access to this special content.” ...


Benign Feature, Malicious Use

Published: April 9, 2010 Reading Time: 2 min

An interesting and unknown feature used by sysadmins around the world in some large corporate networks is the use of proxy auto-config (PAC) files. This benign feature is accepted by all modern browsers and is described in detail here. It contains a function to redirect your connection to a specific proxy server. Unfortunately this simple and smart proxy technique is being largely used by Brazilian malware writers to redirect infected users to malicious hosts serving phishing pages of financial institutions. A .pac script URL is configured in the browser, in the field “Use automatic configuration script”: ...


The mobile game with a Trojan thrown in for free

Published: April 9, 2010 Reading Time: 2 min

Since 27 March a new game called 3D Antiterrorist has been cropping up on quite a few international freeware sites offering downloads for Windows Mobile smartphones. As well as the game itself, the 1.5 MB archive contains the file reg.exe which is actually a Trojan that calls premium rate international numbers and leaves smartphone owners significantly out of pocket. As of 8 April this malicious program has been detected by Kaspersky Lab as Trojan.WinCE.Terdial.a. Let’s take a closer look at what happens. ...


Can the Focus of Spam Email be Used as an Economic Indicator?

Published: April 9, 2010 Reading Time: 3 min

The National Bureau of Economic Research has previously indicated that the United States has been in a recession since December 2007. What is interesting to note here is that Symantec first reported that spammers were showing an interest in the slowdown of the economy in October and November of 2007, so this begs the question, “Can the focus of spam email be used as an economic indicator or barometer?” Let’s take a brief look at the recession (thus far) by looking through Symantec’s spam folder (a.k.a. the Symantec Global Intelligence Network). ...
