Viruses/Worms News

Waledac variant uses SMS Spy social engineering theme

Thursday, April 16, 2009

Cybercriminals spreading the Waledac malware through spam are trying a new social engineering trick, asking users if they want to download an attached program to allow users to read another person's SMS messages online.

A web security alert issued yesterday said the Waledac variant has been spotted in the wild in thousands of spam emails including download files with alternating filenames, such as sms.exe, freetrial.exe and smstrap.exe. Not all major anti virus detectors had detected the new themem, the security alert said.

The text from one spam email carrying the Waledac worm offers a "free 30-day trial" and reads: "Do you want to test your partner or just to read somebody's SMS? This program is exactly what you need then."

This type of spam spreads the worm with what is called social engineering, by enticing users to download malware or visit malicious sites by exploiting curiosity and interest in popular topics, breaking news or products with a popular theme like Valentine's Day, according to web security experts.

Some security researchers have said cybercriminals spreading the worm have also used geolocation to customize malicious websites to reflect the location of the visitor's computer.
ADNFCR-1765-ID-19124092-ADNFCR

Related News:

Age-old trick with brand-new target - 1.18.2010
Cyber criminals have turned to a scam from the early days of the internet to target the growing smartphone market: Trojan phone dialers.

Report: 'At least 34' firms attacked at the same time as Google - 1.15.2010
The Washington Post asserts that many U.S. companies were targeted in the same network security and email breach that affected Google and provoked the company's highly publicized spat with the Chinese government.

Gumblar botnet builder resurfaces with a vengeance - 1.7.2010
Though security researchers had believed it to be more or less dormant, the Gumblar malware came storming back into prominence at the turn of the decade, performing what Softpedia calls a "mass injection attack" on computers and websites around the world.

Symantec endpoint protection suffers from updating issue - 1.7.2010
As 2009 turned into 2010, users of Symantec's Endpoint Protection Manager ran into trouble with updates for the program, as any patches released after the end of 2009 were misidentified as being out-of-date.

Experts laud heuristic detection as necessary backup to signature-based solutions - 1.6.2010
Anti-virus programming experts say that behavioral or heuristic detection of malware will become increasingly important to safeguarding computer systems, as modern malware becomes more and more difficult to detect using traditional methods.
View Related Resources
Or
Watch an Online Demo
Or
Have us call you now