Antivirus News


Sophos Warns of Windows Vista Image Spam

Posted in Viruses, Spams, Sophos by Antivirus-News on December 24th, 2006

Security firm Sophos is reminding users of the threat posed by image spam following a new campaign, which claims to offer a cut-price edition of Microsoft Windows Vista.

Image spam, which uses a graphic embedded in an email rather than regular text, has grown in popularity amongst spammers attempting to communicate their marketing messages to Internet users. Often image spam is used for promoting stock pump-and-dump scams or drugs to help with weight loss and sexual performance. In the latest widespread campaign seen by Sophos experts, image spammers are offering a bargain edition of Microsoft’s new operating system, Windows Vista.

The spam email claims that the recipient can save $319.05 by downloading Windows Vista today.

It is not clear whether acting upon the spam would furnish the computer user with a pirated edition of Windows Vista or simply steal their credit card details.

“This widespread spam campaign carries all the hallmarks of a typical image spam. The spammer has added random noise in the form of speckled pixels to make the graphic slightly different on each sending, and users are told to type in the name of the website rather than clicking on a link,” said Graham Cluley, senior technology consultant for Sophos. “Approximately 30% of all spam is now using images to try and sneak past anti-spam filters. Computer users need to ensure that they have strong defenses in place or they will continue to be bombarded by nuisances like this.”

“The growth of image spam is one of the security stories of the year. Internet users should make it their New Year’s resolution to make 2007 the time they got wise to internet threats,” continued Cluley. “It’s worrying just how poorly educated people are about web and email threats. System administrators and security geeks know about informative websites like GetSafeOnline but the average man in the street hasn’t got a clue.”

CafePress wilts under DDoS assault

Posted in Viruses, Sophos, DDos by Antivirus-News on December 23rd, 2006

CafePress.com, the site which allows users to open up their own online store selling customised merchandise such as t-shirts and mugs, has been hit by a denial of service attack.

In a statement to store owners, Jill Ambrose of CafePress.com said the targeted attack had resulted in “significant service interruptions”.

“As of right now some customers have access that appears normal, some have intermittent access, and some have no access at all. We will continue to update the CafePress Community Forum (http://forums.cafepress.com/eve) as we have more to share, and we urge you to check there for the most recent information,” she said. “We do consider this an attack on CafePress, but we’re most disturbed at how this victimises our community of Shopkeepers.”

The motive and source of the attack remain unclear. CafePress.com said it was “working with the proper authorities” in trying to resolve and investigate the source of the attack. CafePress.com handles the website hosting, order fulfillment and payment processing on behalf of various store owners.

Distributed denial of service attacks are used by hackers to disrupt the operation of websites by flooding sites with spurious traffic from zombie computers in an attempt to make them inaccessible to the general public. Experts at net security firm Sophos speculate that the hackers may have deliberately targeted CafePress.com in the run-up to the holidays, a prime shopping period.

“Denial-of-service attacks have become a standard element in the hacker’s arsenal. Whether they are hitting websites in order to blackmail them, or because they have a grudge against the company, hackers can inflict great harm to the online presence of a business,” said Graham Cluley, senior technology consultant for Sophos. “CafePress.com has done the right thing by keeping its users informed of the problem and working closely with the authorities to investigate this crime.”

German virus gang jailed

Posted in Viruses, Trojans, Sophos by Antivirus-News on December 23rd, 2006

Two men who infected more than 100,000 computers with a Trojan that generated profits exceeding 12 million Euros have been jailed in Germany.

A court in Osnabrück sentenced one of the men to four years and the other to 39 months for their part in a criminal scheme that subverted innocent internet users’ PCs with software that dialled premium rate 0190 phone numbers to contact an adult website.

The men, aged 31 and 35 years old, amassed substantial illegal profits from the scam between July 2002 and September 2003.

‘Having infected a staggering 100,000 computers and run up huge phone bills for the unsuspecting users, the culprits are now facing Christmas in the slammer,’ said Graham Cluley, senior technology consultant for Sophos.

‘The German authorities must be commended for bringing these offenders to justice, and other hackers should look long and hard at the punishment dished out and ask themselves whether, in the long run, internet crime really pays,’ said Cluley.

Prosecution requests for an additional fine of 7.75 million Euros were rejected for legal reasons. Earlier in 2006, two other men were jailed for 18 and 22 months in connection with the case.

Vista Spam Trolls For Suckers

Posted in Spams, Sophos by Antivirus-News on December 20th, 2006

Messages shilling cut-rate copies of Windows Vista are using the latest image tactics to slip through spam filters, the Sophos security company warned Tuesday.

The junk mail touts Windows Vista Ultimate for sale at a $319 discount, said Sophos, which also noted that the campaign relies on several current spammer techniques to trick defenses, including random background pixelation, hiding the bulk of the message in an image, and requiring the user to manually type in the URL rather than embedding an easily found link.

“This carries all the hallmarks of a typical image spam,” said Graham Cluley, a Sophos senior technology consultant, in a statement. “Approximately 30% of all spam is now using images to try and sneak past anti-spam filters. Computer users need to ensure that they have strong defenses in place or they will continue to be bombarded by nuisances like this.”

Sophos wasn’t sure whether the deal was semi-legitimate — that a copy of Windows would actually be shipped to the user — or if the spammer was actually a phisher harvesting credit card numbers. If the former, the copy would almost certainly be counterfeit, since Microsoft has yet to release Vista to any but volume license customers.

In fact, Microsoft last week warned users of that very thing as it updated Vista to block pirates who had cobbled together a bogus operating system from Vista previews and the final code. “Users can be confident that 100% of the copies of Windows Vista advertised for purchase or download prior to the January 30, 2007 consumer general availability date are counterfeit,” Microsoft said in a statement Thursday, Dec. 14.

“The growth of image spam is one of the security stories of the year. Internet users should make it their New Year’s resolution to make 2007 the time they got wise to Internet threats,” Sophos’ Cluley continued. “The average man in the street hasn’t got a clue.”

Experts: Hackers planning cyberwar on social networking sites

Posted in Trojans, Sophos, SpyWare by Antivirus-News on December 13th, 2006

Hackers are planning to target social networking sites such as MySpace and Facebook in a multi-billion-dollar “cyberwar” next year, security experts warn.

Network security experts predicted cybercriminals will launch a campaign to gather personal information from users of the popular websites.

Details including age, sex, marital status and locale are available on the sites, and malicious users plan to trawl the networking websites collecting this data and picking targets for phishing scams.

Hackers will also focus on instant messenger users and web-based phone services to steal people’s identities and commit other online crime.

Graham Cluley, senior consultant at Sophos, said: “The huge popularity of sites such as MySpace means it is an increasingly attractive target for criminals, who are always looking for new ways to gather information.”

“If the hackers know you have a particular interest, this can be used to target you in a phishing attack. They know what you’re into and can exploit this to obtain more information from you such as credit card details,” he said. “People are putting far too much information online and into the hands of identity thieves. Young people, in particular, need to be very careful as it may come back to haunt them.”

Vista vulnerable to a third of malware

Posted in Sophos by Antivirus-News on December 8th, 2006

Windows Vista is wide open to nearly 40% of the malware currently circulating, Microsoft has admitted, following a report by Sophos.

Remarkably, with the new operating system just released to business, the software giant says in effect that there is nothing it can do about the threats in question — Stratio-Zip, Netsky-D and MyDoom-O — because they rely on social engineering to invade systems. The three threats together account for 39.7% of currently circulating malware, according to Sophos.

“Based on our initial investigation, Microsoft can confirm that these variants do not take advantage of a security vulnerability, rather they rely on social engineering to infect a user’s system,” Microsoft says in a statement.

While the email system built into Vista, Windows Mail Client, stops all of the top 10 viruses identified by Sophos for November, the three threats outlined can infect systems when a third-party email client is used, Sophos said last week. Stratio-Zip was November’s top malware, accounting for one-third of virus traffic, says Sophos.

Sophos says that while no Vista-specific viruses have yet been detected, they are likely to appear soon. “It won’t be long before cyber criminals develop Vista-specific malware or modify current threats to fit the bill,” said Ron O’Brien, Sophos senior security analyst, in a statement. “The Stratio-Zip worm, for example, remains on the top ten list due to constant, minor alterations to its code that force security systems to re-identify the malware.”

Few actual installations of Vista currently exist, since the OS was only launched on Thursday. Sophos and McAfee have antivirus products ready for Vista, but Symantec, Trend Micro and CA are still working on theirs.

Microsoft congratulates itself on the “aggressive security design decisions” it took with Windows Mail Client, but says if users choose to use other, more vulnerable email programs they can configure User Account Control (UAC) to help limit the damage users can cause if they’re infected.