Thursday, October 13, 2011

Spammers Pay Tribute to Icons with Atrocious Malware

Contributor: Christopher Mendes

When stalwarts pass away the world mourns their loss, tributes flow and emotions run high. Whenever we lose a legendary figure, their death brings shock or grief and people are hungry for any and every available piece of information about the "How" and the "Why" and the "When" related to the death of these important figures.

We studied the aftermath of these icons’ passing and the eulogy written by spammers. The spammer’s sole motive is to use incidents to compromise weak systems. On further examination of the collected data we traced a predictable pattern, the details of which are given below:

Michael Jackson Subject: Michael Jackson not dead
Subject: Michael Jackson seen alive
Subject: Michael Jackson lives
W32.HLLP.Sality.O
W32.Pinfi
Trojan.Dropper
W32.Ackantta.F@mm
Downloader.Psyme
Backdoor.Trojan
Amy Winehouse Subject: Ravages of the drug in the body of Amy Winehouse
Subject: Amy Winehouse Not Dead
Infostealer.Bancos
Steve Jobs Subject: Is Steve Jobs Really Dead?
Subject: Steve Jobs Alive!
Subject: Steve Jobs Not Dead!
Subject: Steve Jobs: Not Dead Yet!
Subject: Steve Jobs Alive and Well?
Blackhole Exploit

As in the case when Michael Jackson passed away, spammers started spreading a rumor through email which stated 'Michael Jackson is not dead'. The same pattern was used when Amy Winehouse suddenly passed away. And when visionary Steve Jobs passed away.

But, in all these cases, it was not just false rumors but malicious code that was being transferred to computers in various ways (using iframes, redirecting users to malicious Web pages, and/or malware as embedded attachments). People jumped to open such links, under the influence of their emotions over news of the tragic events, and spammers thrived by discovering and exploiting the vulnerabilities available on users’ systems.

Users can definitely deny spammers satisfaction by checking emotions and withholding curiosity. Use a little bit of caution before clicking on any unknown link. Symantec provides regular security updates to stave off any such misadventure from spammers. Regularly update your security products and stay safe.

By: Samir Patil