Avinti Warns About New Email Attack
Avinti has issued a security alert about a new email attack that disguises malicious code behind a seemingly harmless e-greeting
August 15, 2007
LINDON, Utah -- Avinti, a developer of proactive e-mail security solutions, has issued a security alert about a new e-mail attack that disguises malicious code behind a seemingly harmless e-greeting. This latest e-mail attack is part of a recent increase in spam-like greetings that encourage users to click on a link in the body of the e-mail to view an apparently legitimate site; the link instead leads to malicious code, or malware. The latest version of this type of blended threat includes the subject line "Movie-quality ecard" and provides an e-mail address of the sender to trick the recipient into clicking on the harmful link.
"Clicking on the Web site address link in the e-mail triggers an installation of one or two files on the user's machine, designed to capture user data. There is no user intervention required; the download is automatic," said Dave Green, Avinti's CTO. "The e-mail appears as plain text but most e-mail clients pick up the plain-text URL and highlight it for the user to click on," he added. "So the e-mail, as plain text, will pass through other antivirus (AV) gateways completely undetected. In case the Web address doesn't get highlighted, the e-mail also encourages users to copy and paste the URL into their browser."
The links lead to IP addresses in various locations, including the U.S. and Eastern Europe, and many are registered to U.S. Internet Service Providers (ISPs). Some addresses have been associated with previous exploits, and others, from ISPs, are actually personal computers that have been infected with the malicious code to execute this exploit. The downloaded files are new variants of the Storm Worm that was first detected in January 2007. "Online scanner Virustotal.com shows about one-third of AV vendors tested do not detect the malware," said Green. "However, because this comes through as a blended threat e-mail, it will completely bypass AV products because there is no attached file to scan."
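A gateway-side check for the pattern described above (plain-text message, no attachment to scan, link pointing at a raw IP address), given here as an added example that is not from Avinti or the original alert. The function names, sample messages and the 192.0.2.10 address are constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample messages; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE_ECARD = (
    "From: friend@example.com\r\n"
    "To: user@example.org\r\n"
    "Subject: Movie-quality ecard\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "Your ecard is waiting. Click the link, or copy and paste it\r\n"
    "into your browser: http://192.0.2.10/\r\n"
)
SAMPLE_BENIGN = (
    "From: news@example.com\r\n"
    "Subject: Weekly update\r\n"
    "Content-Type: text/plain; charset=us-ascii\r\n"
    "\r\n"
    "Read it at https://www.example.com/news\r\n"
)

def ip_literal_urls(text):
    """Return URLs in text whose host is an IPv4/IPv6 literal, not a name."""
    hits = []
    for raw_url in URL_RE.findall(text):
        url = raw_url.rstrip(".,;:)")  # drop trailing sentence punctuation
        try:
            host = urlsplit(url).hostname or ""
            ipaddress.ip_address(host)  # ValueError if host is a DNS name
        except ValueError:
            continue
        hits.append(url)
    return hits

def inspect_message(raw):
    """Flag mail that has no attachment but links to a raw IP address."""
    msg = email.message_from_string(raw, policy=policy.default)
    attachments = list(msg.iter_attachments())
    body = msg.get_body(preferencelist=("plain",))
    urls = ip_literal_urls(body.get_content() if body else "")
    # Nothing for an attachment scanner to inspect, yet the body carries a link.
    return {"attachments": len(attachments), "ip_urls": urls,
            "flag": bool(urls) and not attachments}
```

A flagged message is a candidate for quarantine or URL rewriting, not proof of malice; some legitimate internal mail also links to bare IP addresses.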