January 16, 2008

I am as Good as Dead

It looks like I'm dead! In fact, I might have already been dead for a couple of weeks without even realizing it. That is, if I believe the emails I've received (I've received the same mail eight separate times and counting). No, it wasn't a death threat against security researchers. It's an email stating that there has been a nuclear accident in Switzerland and that everything is now radioactive and contaminated. Since I live in Switzerland, I had a distinct feeling that there was something bogus about this message. Even if I weren't living here, the many grammatical mistakes and the complete absence of umlauts where the message text should have had them would have been early clues that this was yet more spam.

In an attempt to prove that there was some truth to the story, the scammers included a link to a Geocities homepage that offered pictures of the explosion and the cover-up story. If you visit that Web site, a small but tricky bit of JavaScript will redirect you to another page that mimics an online photo gallery. They even included cooling towers in the background image to really convince you. But you need to download a special plug-in in order to view the photos.

By now it should be obvious to everyone that this page’s only intention is to trick the user into downloading and installing a Trojan. This one is detected as Infostealer.Notos!gen by Symantec.

Once again, the attackers are trying out sensational messages to fool users into installing a Trojan that is disguised as a codec or a plug-in. This is certainly nothing new, but people are still falling for it. So, please don’t believe everything you read in emails, and don’t click on everything, either.

Oh, and yes, I’m fine, thank you; no contamination over here. (At least none that I’m aware of.)
