Customer Support and Email Worms

This morning, I received a spam email with a worm attached that actually made it past my spam filters, and I have to admit, it is pretty clever. In fact, the thing that impresses me is the amount of social engineering and creativity that goes into these attacks.

The one I received this morning has the subject line: “Mail server report.” Here is the text of the email.

Mail server report.

Our firewall determined the e-mails containing worm copies are being sent from your computer. Nowadays it happens from many computers, because this is a new virus type (Network Worms).

Using the new bug in the Windows, these viruses infect the computer unnoticeably. After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses

Please install updates for worm elimination and your computer restoring.

Best regards,
Customers support service

This email was accompanied by an attachment named: Update-KB984-x86.zip. This was infected with…well, an email worm. They actually told me what it was in their own email…by claiming to protect me from the thing they were sending me in the email.

Turns out the attachment was a ‘Worm.Stration’ variant. Evidently, the Stration Worm (also known as the Warezov worm) is fairly new, although it does the same old thing that worms have been doing for years. The difference is that these new guys are able to survive in a world with multilayered spam filters and triple-decker anti-virus, anti-spyware, firewalled systems.

According to a Microsoft blog, McAfee, Symantec and Microsoft’s own antivirus didn’t detect this one. As malware goes, this one doesn’t do much but it is spreading extremely rapidly due to its ability to avoid detection and the use of social engineering.
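A mail-gateway style check for the lure described in this post, added here as an example and not taken from the post or from any vendor's product: it flags attachments named like a Windows update and zip archives that carry an executable. The regex, the extension list, the addresses and the archive member name are assumptions, and the sample message is constructed with a harmless text payload.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Heuristic (assumption of this example): Windows updates are not delivered as
# e-mail attachments, so an attachment named like a KB patch is treated as a lure.
KB_NAME = re.compile(r"(update|patch|hotfix)[-_ ]?kb\d+", re.I)
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def inspect_message(raw: bytes) -> list[str]:
    """Return a list of findings for one raw e-mail message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if KB_NAME.search(name):
            findings.append(f"attachment named like a Windows update: {name}")
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"unreadable archive: {name}")
            continue
        findings.extend(f"executable inside archive: {m}"
                        for m in members if m.lower().endswith(EXEC_EXT))
    return findings

def build_sample() -> bytes:
    """Constructed sample: subject and attachment name come from the post;
    the archive member is a made-up name holding harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Update-KB984-x86.exe", b"not a real program")
    msg = EmailMessage()
    msg["Subject"] = "Mail server report."
    msg["From"] = "support@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("Please install updates for worm elimination and your computer restoring.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Update-KB984-x86.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in inspect_message(build_sample()):
        print(finding)
```

Because the check keys on the file name and the archive contents rather than on a signature, it does not depend on an antivirus engine already recognising the variant.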
