Turn off the Ad Banner  

To print: Select File and then Print from your browser's menu.

    -----------------------------------------------
This story was printed from CdrInfo.com,
located at http://www.cdrinfo.com.
-----------------------------------------------

Appeared on: Thursday, December 09, 2010
Spam Carries WikiLeaks Worm

Wikileaks.org is in the news after their recent publications linked to leaked government documents. Spammers are now leveraging the current level of interest with social engineering techniques to infect users? computers.

Symantec observed a wave of spam spoofing WikiLeaks to lure users into becoming infected with a new threat.

The spam email has subject line "IRAN Nuclear BOMB!" and spoofed headers. The "From" header purports to originate from Wikileaks.org, although this is not in fact the case, and the message body contains a URL. This URL downloads and runs Wikileaks.jar which has a downloader 'Wikileaks.class' file. The downloader pulls the threat from http://ugo.file[removed].com/226.exe. Symantec detects this threat as W32.Spyrat.

Below is screenshot of the email and website that downloads the threat:



W32.Spyrat opens a backdoor using a predetermined port and IP address, allowing an attacker to perform the following actions on the compromised computer:

* Read, write, and execute files
* Steal stored passwords
* Issue commands
* Activate and view a webcam, if present
* Log keystrokes
* Create an HTTP proxy to route traffic through the compromised computer

Symantec cautions users not to open or click on the links or attachments of emails such as these. The company recommends having anti-spam and antivirus solutions installed and up to date to prevent the compromise of personal machines or networks.


Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .