Wednesday, 29 August 2007
New Malware Posing as YouTube Link |
| |
|
| |
A new variation of malware has been found wherein the worm masquerades as an email claiming to point to a YouTube video.
Detected by IT security and control company Sophos, the emails apparently have a wide variety of subject lines and message texts and encourage recipients to click on a link to download an online movie.
"The gang behind these attacks are amongst the most professional we have ever seen - spewing out new variants of their code with multiple disguises in their attempt to infect as many PCs as possible," said Graham Cluley, senior technology consultant for Sophos.
Clicking on a link inside the email will send surfers to a webpage containing a malicious script and a Trojan horse designed to compromise the user's PC and turn it into a zombie.
Subject lines come many variations such as “Dude your gonna get caught, lol”, “LOL, dude what are you doing”, “LOL, that is too cool,” and many others.
Interestingly, the malware that hackers are using to try and infect innocent computer users is from the same families of malware used in the waves of Storm Trojan that wreaked havoc on the internet earlier this year.
"Clicking on the links in the email doesn't take you to YouTube's real website, but the IP address of a compromised PC. If infected, victims' computers can be used by hackers to steal personal information, spam out malware and junk email, or launch distributed denial of service attacks against innocent parties," said Cluley.
"Sophos recommends that everyone on the internet treats security as a priority when they use the web and email, or risk putting their livelihoods at risk," added Cluley.
Last month, Sophos published research revealing the rise of web-based malware in the first half of 2007. With computer users becoming increasingly aware of how to protect against email-aware viruses and malware, hackers have turned to the web as their preferred vector of attack. |
| |
|
|
| |
|
|
| |
|
|
| |
|
