Friday, May 18, 2007 1:30 PM
cmosby
McAfee Avert Labs Blog - Downloader-BBS: The Italian Job
Thursday May 17, 2007 at 4:35 am CST
Posted by Vinoo Thomas
McAfee Avert Labs encountered a spam run yesterday that used social engineering to specifically target individuals in Italy. The spammed email, written in Italian, appears to come from the Italian Police and warns recipients that there is evidence pirated mp3 files were downloaded on their computer. The email is craftily worded and looks convincing enough to dupe recipients into believing it is genuine. A copy of the spammed email is as follows:
Except that makes you wonder: since when did the RIAA team up with the Italian police?
Such targeted attacks on specific countries or communities are becoming more and more frequent. German internet users must be sick of weekly spam runs of the Downloader-AAP trojan with similar social engineering themes. A typical spam run lasts for a few hours and is usually seeded from a botnet of infected computers. Malware authors typically create a single-use, disposable trojan and test it against popular antivirus products, tweaking it until it is no longer detected. This gives the trojan a better shelf life in the wild, because it evades proactive detection by antivirus software. The next time a spam run is executed, a new variant is used, and this vicious cycle continues. It has also been observed that the same binary is never used again in another spam run.
The mass-spammed Downloader-BBS sample in this case arrives in a password-protected archive, with the password specified in the message body. Once executed, it downloads, from a remote web server based in Russia, a dialer program designed to connect to a premium-rate number.
You would think most folks would be wary of opening a password-protected attachment and entering the password to execute the payload. But with millions of newbie users on the internet, morbid curiosity will always get the better of someone who is receiving this type of email for the first time.
Detection for this threat is already available in the beta DATs and will be released in today’s 5033 DATs.
This entry was posted on Thursday, May 17th, 2007 at 4:35 am and is filed under Malware Research, Spam and Phishing.
Source: Computer Security Research - McAfee Avert Labs Blog
Filed under: Security and Anti-Virus, AntiVirus Information, Internet Hacks, Spam\Phishing