Phishing Scam Themed On China Earthquake
These are times when the malware in your inbox can give you some idea of what’s happening in the world. The Register points out that e-mails with infected Word attachments are making the rounds.
The e-mails contain the text:
BEIJING, May 20 (Xinhua) — The death toll from the earthquake in southwest China’s Sichuan Province has risen to 34,074 nationwide as of 2 p.m. Saturday, while 198,347 people were injured, according to the Information Office of the State Council. Pay attention to attachment for more.
Malware authors waste no time in crafting mails that seem to provide useful information relating to tragedies or natural disasters. The pattern has become noticeable in recent times and will keep growing in the future.
Security Threat At US Power Company
Security is not just about getting the right policies and tools in place. The tools have to be monitored and the policies enforced. The federal report on the Tennessee Valley Authority power company’s susceptibility to cyber attacks paints a grim picture of how security policies are enforced.
An excerpt from TechWorld:
Shortcomings of its supervisory control and data acquisition (SCADA) network itself included misconfigured or inactivated firewalls, ineffective passwords, inconsistent configuration management and lack of virus protection, according to the report, “TVA Needs to Address Weaknesses in Control Systems and Networks.”
At a time when malware is scouring the web for exploitable targets, control of critical infrastructure is the first thing that should be secured.
Trojan downloads on the rise
A report compiled by Microsoft on security breaches last year points to some serious trends in the growth of malware.
An excerpt from News.com:
Of the malicious software attacks, there was a 300 percent increase in the number and proportion of Trojan downloaders and droppers that were detected and removed, according to the report.
Win32/Nuwar, also called the Storm Worm, is an example of a Trojan dropper. It arrives in an e-mail, enticing recipients to visit a Web site, and then installs a Trojan on the computer that provides back-door access. The worm has been continually updated to avoid detection and now more than half a million systems have been infected worldwide creating a botnet, the report says.
Also worth noting is that malware authors are increasingly looking at surreptitious, complicated ways to extract sensitive data from victims.
It seems that malware never has a problem picking from a range of unsecured sites to infect. This time it’s about 2,00,000 of them, infected with a script that takes users to a video but requires a special codec to be downloaded.
An excerpt from Heise Security:
Users who download the “codec” not only get the Zlob Trojan, but also a DNSChanger that sets Windows DNS entries to fake servers which redirect requests for banking sites to the addresses of phishing sites. The phoney codec also downloads additional malicious baggage. Virus scanner detection is patchy. Avast, CA, Gdata, McAfee, NOD32, Panda and Symantec do not yet recognize the virus – more than a third of the virus scanners in the most recent c’t virus scanner test.