McAfee TrustedSource
Create Account | Login  | What is TrustedSource?
 
Home  Threats and Trends  McAfee Research Blog
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 


Latest Malware Threats
 RSS Feed
Exploit.MS04-033.Excel.A2009-06-30
Worm.Agent.W.452009-05-06
Worm.Autorun.cbm.42009-03-08
Trojan.Dldr.Agent.bfbm2009-03-05
Exploit.PDF.33552009-02-28
Worm.Sohanad.BM2009-02-13
View Malware Library
 

McAfee Research Blog

Breaking News: The Evolution of this Blended Threat Attack

August 22nd, 2008

Recently, there was a lot of media buzz and attention on the latest spam tactic used to get users to download a fake flash player onto their system.  This attack was in the form of email that varied in its complexity from a simple “CNN Top 10″ subject to emails that mimicked the actual CNN news alerts (with links even going back to the CNN web site).

As any successful spam campaign will do - this attack mutated during the week with attempts to mimic MSNBC - subjects included “msnbc.com - BREAKING NEWS”  with the breaking news involving everything from Google launching free music downloads in China to reports of credit cards numbers being stolen.  The email line was very simple - but there was a link to “find out more”.    Following in the criminals lead, the average user would think they are selecting a link to take them to MSNBC to learn more - while they are really being sent to a malware server.   The intent of these emails was once again to trick the user via a social engineering attack into installing a fake flash player onto their PC.

By the end of this week it has further evolved to provide less noticeable subject lines (ex:  Weekly top news) with actual news stories (Russia’s pledge on Georgia pull-out) that involved certifiable facts and once again a link to show you the latest video so that you can see more.

When you visit the site, it will attempt to download a file which will install the fake flash player on your box.  This particular malware is labeled by Secure Anti-Malware as “WW: Trojan.Dldr.Exchanger.AA”.

Illustration of results of going to one of these sites

What can you do to protect yourself?  Do not click on links in emails - all of the best practices you have been following for phishing emails that ask for your personal or financial information should carry over to all emails that you receive.

In addition to this blended threat with the fake flash player, this week we have also seen a noticeable increase in the “Fake AntiVirus” and “Fake Spyware Remover” sites.  Interesting that as these spam attacks and viruses are discussed, the rate of malicious tools that report to solve the users problems from these attacks are also on the rise.

Back to McAfee Research Blog overview

McAfee Homepage | Contact | Privacy Policy

Copyright © 2007-2009 McAfee, Inc. All Rights Reserved.

ANY INFORMATION PROVIDED BY MCAFEE ON THIS BLOG ARE OFFERED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES, CLAIMS, PROMISES OR GUARANTEES ABOUT THE ACCURACY, COMPLETENESS, OR ADEQUACY OF THE INFORMATION CONTAINED IN OR LINKED TO AND NO RIGHTS ARE CONFERRED. BY USING THIS BLOG, YOU ASSUME ALL RISK FOR YOUR USE. IN NO EVENT WILL MCAFEE BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT MCAFEE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE. MCAFEE HAS NO OBLIGATION TO POST BLOG SUBMISSIONS OR RESPONSES.