ZDNet UK


Viruses pack triple threat

Published: 19 Jan 2004 11:10 GMT

Virus writers are going beyond "click to infect" programs by merging a trio of techniques to bypass security and compromise computers with malicious code.

Antivirus companies point to the increase in downloader programs in email as part of the trend toward more-complex attacks. These tiny Trojan horses are being used in combination with viral programs and Web site hosting to dupe PC owners and bypass security software.

The latest example of this approach uses a Trojan horse dubbed Downloader-GN. When run, the less-than-3,000-byte program downloads the Mimail.p virus to the victim's computer from a Web site in Russia. That virus then attempts to convince the user to type in personal and financial information, a technique known as "phishing."

The method is complicated and not all that original. Other viruses have attempted to upload other programs from Web sites to augment their abilities, and small download programs are also common. However, antivirus companies say that using all three together is a trend, and that some PC users have taken the bait.

"There is a huge population that recognises these spammings are false, but there is a small population that falls for it," said Craig Schmugar, a virus research manager for security software maker Network Associates.

Downloader-GN was sent out in a bulk emailing two days ago with an accompanying message that claimed to be from online payment company PayPal, according to security software companies. The fraudulent email claimed that PayPal would add 10 percent to the account value of any customer who filled out a form accessed by running the attachment, named Paypal.exe.

"Registration is simple," stated the message. "Just unpack the attachment with WinZip, run the application, and follow the instructions we have provided."

When run, the Downloader program will download a program from a Russian Web site and run it. Antivirus companies identified the program as a variant of the Mimail virus. The program could be changed, but the Web site has currently been taken down by the Internet service provider, said Schmugar.

PayPal is a common target of phishing scams and has posted advice online to tell customers how to avoid becoming a victim. Customers of eBay, Amazon.com, Microsoft and banks are also popular targets of such scams.

Even a small number of successes can make such schemes worth the effort for the virus writer.

"Just like spammers, the malicious coders can make enough money to make it worth their while, if only a small percentage of folks actually fall for the ruse," said a statement from Chris Belthoff, a senior security analyst at antivirus company Sophos. "For those that do, the bad guys can completely drain their bank accounts."

Blocking any executable attachments can protect corporate users, and personal firewalls can give warning when an unauthorised program tries to download a file from the Internet. Moreover, PC users should be cautious of trusting any unsolicited email, Belthoff said.

"Reputable companies do not send out files in this way, and users should think twice before they click on unsolicited email messages," he said.
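The attachment-blocking control mentioned above, as an added example that is not part of the original article: a mail-gateway check that refuses executable attachments by extension or by the `MZ` file header, and also looks inside ZIP archives, since the lure told recipients to unpack the attachment first. The archive name `paypal.zip`, the extension list and the decision to reject encrypted or unreadable archive members are assumptions; the sample message is constructed and carries only inert bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list is an assumption for this example; tune it to local policy.
BLOCKED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")

def is_executable(name: str, head: bytes) -> bool:
    """Match on file extension or on the 'MZ' magic of a DOS/Windows executable."""
    return name.lower().endswith(BLOCKED_EXT) or head[:2] == b"MZ"

def zip_executables(data: bytes) -> list:
    """Names of archive members that are executable or cannot be inspected."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                encrypted = bool(info.flag_bits & 0x1)
                # Read only two bytes so a huge member is never fully inflated.
                head = b"" if encrypted else zf.open(info).read(2)
                if encrypted or is_executable(info.filename, head):
                    hits.append(info.filename)
    except (zipfile.BadZipFile, NotImplementedError):
        hits.append("<unreadable archive>")
    return hits

def blocked_attachments(raw: bytes) -> list:
    """Return every MIME part (or ZIP member) a gateway should refuse."""
    hits = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        if is_executable(name, data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            hits += [f"{name}!{member}" for member in zip_executables(data)]
    return hits

def build_sample() -> bytes:
    """Constructed message: a ZIP holding a dummy 'Paypal.exe' (64 inert bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Paypal.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="paypal.zip")
    return msg.as_bytes()
```

Checking the header bytes as well as the name catches an executable that has simply been renamed, which an extension-only filter would pass.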
