Wednesday, October 26, 2016
All News Categories
Reviews Around the Web
DVD Media Formats
Optical Storage Software
News Around The Web
Thursday, December 09, 2010
Spam Carries WikiLeaks Worm
You are sending an email that contains the article
and a private message for your recipient(s).
(At the moment, only Text is allowed...)
Wikileaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users? computers.
Symantec observed a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.
The spam email has subject line "IRAN Nuclear BOMB!" and spoofed headers. The "From" header purports to originate from Wikileaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar which has a downloader 'Wikileaks.class' file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as
Below is screenshot of the email and website that downloads the threat:
W32.Spyrat opens a backdoor using a predetermined port and IP address, allowing an attacker to perform the following actions on the compromised computer:
* Read, write, and execute files
* Steal stored passwords
* Issue commands
* Activate and view a webcam, if present
* Log keystrokes
* Create an HTTP proxy to route traffic through the compromised computer
Symantec cautions users not to open or click on the links or attachments of emails such as these. The company recommends having anti-spam and antivirus solutions installed and up to date to prevent the compromise of personal machines or networks.
Site best viewed at 1024x768+ -
1998-2016 - All rights reserved