Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

02:01 AM

Avinti Warns About New Email Attack

Avinti has issued a security alert about a new email attack that disguises malicious code behind a seemingly harmless e-greeting

LINDON, Utah -- Avinti, a developer of proactive e-mail security solutions, has issued a security alert about a new e-mail attack that disguises malicious code behind a seemingly harmless e-greeting. This latest e-mail attack is part of a recent increase in spam-like greetings that encourage users to click on a link in the body of the e-mail to view an apparently, legitimate site, but instead links to malicious code, or malware . The latest version of this type of blended threat includes the subject line "Movie-quality ecard" and provides an e-mail address of the sender to trick the recipient into clicking on the harmful link.

"Clicking on the Web site address link in the e-mail triggers an installation of one or two files on the user's machine, designed to capture user data. There is no user intervention required; the download is automatic," said Dave Green, Avinti's CTO. "The e-mail appears as plain text but most e-mail clients pick up the plain-text URL and highlight it for the user to click on," he added. "So the e-mail, as plain text, will pass through other antivirus (AV) gateways completely undetected. In case the Web address doesn't get highlighted, the e-mail also encourages users to copy and paste the URL into their browser."

The links lead to IP addresses in various locations, including the U.S. and Eastern Europe, and many that are registered to U.S. Internet Service Providers (ISPs). Some addresses have been associated with previous exploits, and others from ISPs are actually personal computers that have been infected with the malicious code to execute this exploit. The downloaded files are new variants of the Storm Worm that was first detected in January 2007. "Online scanner Virustotal.com shows about one-third of AV vendors tested do not detect the malware," said Green. "However, because this comes through as a blended threat e-mail, it will completely bypass AV products because there is no attached file to scan."

Avinti Inc.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-16
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
PUBLISHED: 2021-06-16
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
PUBLISHED: 2021-06-16
phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
PUBLISHED: 2021-06-16
IBM Security Identity Manager 6.0.2 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197591.
PUBLISHED: 2021-06-16
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passowrds of other users in the Windows AD enviornemnt when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.