Government Technology

Rash of Spam Uses Social Engineering to Exploit Victims


You May Also Like

May 25, 2007 By

A wave of spam containing the Pirabbean.A Trojan has been discovered. This junk mail tries to attract users' attention with references to the latest episode of the Pirates of the Caribbean saga. The e-mail includes an image that looks like promotional material for the film and claims to contain a trailer and the chance of free tickets if you are in North America or Europe. The message subject simply says: "Pirates of the Caribbean: At world's end."

"This is another example of social engineering in action. Malware creators try to entice users into infecting themselves. For this reason, users should always be cautious and not even open messages from unknown senders, no matter how tempted or curious they are," advises Luis Corrons, technical director of PandaLabs.

The mail includes two links that supposedly point to trailers. However, if users click on them, they are really downloading Pirabbean.A.

"Of course, there are no tickets," warns Paul Ducklin, Head of Technology, Asia Pacific, at Sophos. "And there is no film trailer -- just a malicious program which tries to download further malware from the internet. Remember: if an e-mail sounds too good to be true, then you can safely assume that it isn't true."

When the Trojan is run, it shows an error message. This claims that there has been a problem playing the trailer as the computer does not have the necessary codec, and users are advised to visit the film's official Web site.

"If after clicking on the link nothing happened, users would be suspicious. So in this way, the Trojan hides its malicious action and prevents users from checking whether they are infected," explains Corrons.

Pirabbean.A is also designed to download a dialer, detected as Dialer.KGC. As with all dialers, it is designed to switch the dial-up Internet connection to a premium rate number.

The Trojan also edits some Internet Explorer settings, adding two URLs to the Favorites. If users visit these pages, they will be infected with other dialers.

Ducklin reminds users that there is an easy solution to the risks posed by unknown or unlikely e-mails: "Don't try, don't buy, don't click, don't reply!"


You may use or reference this story with attribution and a link to
http://www.govtech.com/security/Rash-of-Spam-Uses-Social-Engineering.html


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

GovTech Papers and Case Studies View Library


Collaboration for the Public Sector


Collaborative Justice: Transforming Criminal Justice Services Through Unified Collaboration
This issue brief examines video collaboration in every stage of the human justice process, demonstrating how this technology can not only make services more efficient, affordable, and accessible.

Cloud-Based Services Accelerate Public Sector Adoption of Video Collaboration
Today, thanks to new cloud technologies and high-quality networks, mobile video services - which provide not only cost savings but which help governmental interactions become more efficient - are more feasible than ever before.

Modernization as a Service: Acquiring IT through Innovative Procurement

Five Ways Collaboration is Driving Government Performance

Mobile Video Collaboration: The New Business Reality
 

Government Best Practices



Government Technology
Public CIO
Emergency Management
Digital Communities