
June 29, 2007

Rule #1

Don't talk about Fight Club...no wait, wrong Rule #1. In the world of e-mail, Rule #1 is:

Don't open attachments from e-mail senders you don't know, and even if you know the person, think twice!

This is why a new attack is rearing its head, trying to sucker you in by saying you have an e-postcard from a friend or family member:

The attack arrives as a spam with the subject line "You've received a postcard from a family member!" and contains links to one of several malware hosting sites, said SANS researcher Lorna Hutcheson in a SANS ISC security alert. The interesting part is just how multi-layered the attack is - it uses several different exploits, both technical and social.

It starts by testing to see if JavaScript is enabled, and if it's not, it prompts you to download a file called ecard.exe and run it. If that fails, it tries three different exploits in sequence until it finds one that works, starting with a QuickTime attack, then a WinZip attack, and finally what the ISC calls the "hail Mary" WebViewFolderIcon exploit.

This is how "zombie" systems are created. With a solid zombie PC network under their control, professional spammers can send out those millions of Canadian drugstore/viagra/penis enlargement e-mails you get daily.

There's always a temptation to open a suspicious attachment when you've got good virus scanning software installed. DON'T!!!:

Perhaps the most dangerous part is that, when SANS ran it through 30 different anti-virus programs, only a quarter of them picked up ecard.exe as a suspect download.

The goal of the virus programmer is to come up with stuff that commercial virus scanners aren't aware of. Just. Don't. Open. It.

Posted by Edward J. Branley at June 29, 2007 9:57 AM
