Viruses, worms, trojans and other stuff

Friday, April 14, 2006

Phishing stooge arrested

Czech authorities have arrested a man suspected of involvement in a gang which phished the bank accounts of innocent internet users.

In what is said to be the first arrest of its kind in the Czech Republic, a man was arrested while waiting at a bank counter in Prague, where he was said to have been attempting to pick up money stolen through the phishing scheme. If found guilty, the man faces up to 12 years in prison.

According to the police, the detained man was hired by a criminal gang to withdraw money from a bank account, which had had funds transferred to it from plundered accounts belonging to Citibank customers. The gang is said to have sent a number of emails disguised as communications from Citibank, asking for recipients to confirm their bank account details and other personal data.

"The Czech police deserves congratulations for investigating this case and making its first phishing arrest. But this is just an opening move in a long game, and we also need to see firm action taken against the phisher kings," said Graham Cluley, senior technology consultant for Sophos. "Sophos experts have for a long time been aware of criminal gangs operating in eastern Europe, which is sadly becoming one of the world's hotspots for internet crime. Everyone needs to be on their guard against phishing, and ensure that their finances are not being put at risk."

First J2ME virus found

Redbrowser.A is a J2ME-based Java MIDlet that sends SMS messages to a specific number.

Redbrowser pretends to be a WAP browser that offers free WAP browsing, using free SMS messages to send the WAP page contents. What Redbrowser actually does is send SMS messages to one specific number, so it may cause financial losses to the user.

Redbrowser claims to send free SMS messages as part of its normal operation in order to fool the user into granting the application permission to use Java SMS capabilities on phones that require permission from the user before sending SMS messages. This claim of free service is a form of social engineering.

The social engineering texts used in Redbrowser.A are in Russian, which limits the trojan to Russian-speaking countries.

Sunday, April 09, 2006

Spammers take a novel approach to selling goods online

Experts have identified a new spam campaign that uses text from a classic Russian novel in an attempt to evade anti-spam software.

The unsolicited email messages contain sections of Mikhail Bulgakov's book "The Master and Margarita", considered to be one of the greatest Russian novels of the 20th century, but have embedded graphics promoting websites which sell goods to enhance sexual performance.

Today's spammers include news stories, jokes and even text from novels in an attempt to fool anti-spam software into thinking the email is legitimate. In the case of this campaign, the spammers are not even including a clickable link to the spammers' website, but rather asking prospective purchasers to type it in by hand, in order to evade detection by less sophisticated email filters.

"Whether or not Mikhail Bulgakov anticipated the level of success that his novel would eventually meet with is uncertain, but it's a safe bet that he didn't anticipate it being used to flog sexual enhancement drugs," said Graham Cluley, senior technology consultant for Sophos. "People are bored to the back teeth with junk email, and should ensure the goods peddled by the spammers do not become bestsellers by never purchasing items marketed in this way."