Thursday, December 09, 2010
 Spam Carries WikiLeaks Worm
Wikileaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users' computers.

Symantec observed a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.

The spam email has the subject line "IRAN Nuclear BOMB!" and spoofed headers. The "From" header purports to originate from Wikileaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar, which contains a downloader file, 'Wikileaks.class'. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat.
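
The indicators described above (a "From" header claiming Wikileaks.org that does not match the envelope sender, the quoted subject line, and a URL in the body) can be checked mechanically at a mail gateway. The following Python code is an added example, not Symantec's or this site's code; the two sample messages, the `.example` hosts, the finding names, and the assumption that `Authentication-Results` is stamped by your own receiving server are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

CLAIMED_ORG = "wikileaks.org"        # domain the spam's From header purports to use
LURE_SUBJECT = "iran nuclear bomb!"  # subject line quoted in the article
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def domain_of(header):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def aligned(domain, org):
    return domain == org or domain.endswith("." + org)

def triage(raw):
    """Return (findings, urls) for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    auth = str(msg["Authentication-Results"] or "").lower()
    findings = []
    if aligned(domain_of(msg["From"]), CLAIMED_ORG):
        # The From header is display data; compare it with the envelope sender.
        if not aligned(domain_of(msg["Return-Path"]), CLAIMED_ORG):
            findings.append("from-envelope-mismatch")
        # Assumption: this header was stamped by our own receiving MTA.
        if "spf=pass" not in auth and "dkim=pass" not in auth:
            findings.append("no-passing-auth")
    if LURE_SUBJECT in str(msg["Subject"] or "").lower():
        findings.append("known-lure-subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = URL_RE.findall(body.get_content()) if body else []
    return findings, urls

# Constructed samples (not captured traffic); hosts use reserved .example names.
SPOOFED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=bulk-mailer.example
From: WikiLeaks <news@wikileaks.org>
Subject: IRAN Nuclear BOMB!
Content-Type: text/plain; charset=us-ascii

Read the full report: http://landing.example/story
"""
GENUINE = (SPOOFED.replace("bulk-mailer.example", "wikileaks.org")
           .replace("spf=fail", "spf=pass").replace("IRAN Nuclear BOMB!", "Newsletter"))

if __name__ == "__main__":
    print(triage(SPOOFED))
    print(triage(GENUINE))
```

The extracted URLs are returned for reputation lookup or quarantine review rather than being fetched by the script.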

Below is a screenshot of the email and website that downloads the threat:



W32.Spyrat opens a backdoor using a predetermined port and IP address, allowing an attacker to perform the following actions on the compromised computer:

* Read, write, and execute files
* Steal stored passwords
* Issue commands
* Activate and view a webcam, if present
* Log keystrokes
* Create an HTTP proxy to route traffic through the compromised computer

Symantec cautions users not to open or click on the links or attachments of emails such as these. The company recommends having anti-spam and antivirus solutions installed and up to date to prevent the compromise of personal machines or networks.
 