Erin Andrews malware warning

Wednesday, July 22nd, 2009


The temptation to snoop online might be strong for some, but it comes with a price. John Hillman on the latest celebrity malware vector

The internet provides opportunities to indulge our curiosity like never before; unfortunately this includes our capacity for snooping around in other people’s private lives, a less than admirable human trait.

Cyber criminals, never slow to recognise an opportunity, are well aware of this and happily exploit our inherent nosiness to trick gullible people into downloading malware with the simple promise of a video of a naked celebrity.

It beggars belief that such a crude system actually works but even in 2009 it seems that there are still thousands of you out there who just can’t resist a click, no matter how unlikely the promise sounds to a rational mind.

Over in the US this has been emphasised by the recent appearance of a video reportedly showing an ESPN reporter called Erin Andrews cavorting around in her hotel room with no clothes on. Erin Andrews is apparently quite attractive – a sort of Hollywood version of Gabby Logan.

As you can imagine this caused quite a stir with US “sports” fans, so much excitement in fact that some of them actually awoke from their beef-and-cola comas long enough to start trawling the internet looking for said video.

What happened next? Malware, lots and lots of malware, downloaded via a link that promises the content once you have installed a video player. Many people (well, men probably) have been fooled by the use of a web page that looks like it belongs to CNN, lulling them into a false sense of security.

The lesson here is a very simple one: promise of naked celebrity + free video download = broken computer. You have been warned.

—————————————–

Image Credit: Robert.Montalvo

Removable storage malware

Friday, July 10th, 2009


A new report by McAfee’s research team in Bangalore provides some interesting information on the rebirth of removable storage malware. John Hillman has a look at the details.

This month’s report from our friends in Bangalore, on the latest surge in removable storage malware, made for some pretty interesting reading.

The team explain how, long before we all came to associate viruses exclusively with the internet, floppy disks were the vectors of choice for attackers - under 25s should try to imagine a floppy disk as a square retro-ish looking piece of plastic about the size of a Sunday newspaper and capable of storing about one tenth of the information found therein.

It was no surprise then that once the internet revolutionised the way we sent and received information hackers gave up trying to build Rome with matchsticks and began spreading malicious code via e-mail instead.

Today, however, our removable storage devices, from digital picture frames to MP3 players, are capable of storing more than 10,000 times more data than your old floppy ever dreamed of. So it’s not really surprising that virus authors are once again beginning to recognise the potential of our plug-in devices as an excellent means of randomly ruining everybody’s day.

This vector is being aided and abetted by our old friend AutoRun, because it automatically launches the content on a plug-in device without any prompting from the unsuspecting victim. Furthermore, many of today’s devices also happen to be what’s known as “smart”, meaning that they can run portable software programmes and boot operating systems.

The last few years have apparently been good for malware authors who use AutoRun to deliver their malicious payloads, with some truly worrying successes. A lot of this has been thanks to slack quality-control practices by hardware manufacturers, which caused many devices such as USB sticks, picture frames and MP3 players to be sold to consumers with AutoRun malware preinstalled.
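The AutoRun mechanism described above is driven by an autorun.inf file in the root of the inserted volume: Windows reads the [autorun] section and acts on keys such as open=, shellexecute= and shell\<verb>\command=. The following is an added example (not code from McAfee or from this blog) of how a removable-media scanner might triage such a file before the shell gets to act on it. The parser is a best-effort approximation of the INI-style format, the heuristics (executable launch targets, targets hidden in system folders, Explorer verb hijacks, an action= label that mimics Windows' own "Open folder" option) are this example's own, and all three sample files are constructed for illustration.

```python
"""Triage autorun.inf bodies from removable media (added example, not McAfee's code)."""
import re

# Extensions that Windows will execute directly when named in a launch key.
# The regex is this example's own heuristic list, not an exhaustive one.
EXEC_EXT = re.compile(r"\.(exe|com|bat|cmd|scr|pif|vbs|js|wsf|hta)\b", re.IGNORECASE)
# Keys whose value is executed on insertion / double-click of the drive icon.
LAUNCH_KEYS = ("open", "shellexecute")
# Folders that autorun worms historically used to hide their payload.
HIDDEN_DIRS = re.compile(r"recycler|system volume information|\$recycle\.bin", re.IGNORECASE)


def parse_autorun(text):
    """Best-effort parse of the [autorun] section into {lowercase key: value}.

    Blank lines, ';'/'#' comments and anything before the section header are
    skipped. Assumption: Windows' own parser tolerates more junk than this one,
    so this is a triage aid, not a reimplementation of the shell's behaviour.
    """
    entries = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def triage(text):
    """Return a list of (severity, message) findings for an autorun.inf body."""
    findings = []
    entries = parse_autorun(text)
    for key, value in entries.items():
        if key in LAUNCH_KEYS and EXEC_EXT.search(value):
            findings.append(("medium", f"{key}= runs an executable on insertion: {value}"))
            if HIDDEN_DIRS.search(value):
                findings.append(("high", f"{key}= target hides in a system folder: {value}"))
        # shell\<verb>\command rebinds Explorer's double-click / context-menu actions.
        if key.startswith("shell\\") and key.endswith("\\command"):
            findings.append(("high", f"{key}= hijacks an Explorer verb: {value}"))
        # A custom action= that copies Windows' own AutoPlay wording is a classic lure.
        if key == "action" and re.search(r"open folder to view files", value, re.IGNORECASE):
            findings.append(("high", "action= impersonates Explorer's built-in AutoPlay entry"))
    return findings


def verdict(text):
    """Collapse findings into one label a removable-media scanner could report."""
    severities = {sev for sev, _ in triage(text)}
    if "high" in severities:
        return "likely malware"
    if "medium" in severities:
        return "launches code"
    return "no launch behaviour"


# Constructed samples for illustration; none is a real specimen.
LABEL_ONLY = """[autorun]
label=Holiday Photos
icon=photos.ico
"""

INSTALLER_CD = """[autorun]
open=setup.exe
icon=setup.exe,0
label=Product Installer
"""

WORM_STYLE = """garbage-before-header
[AutoRun]
open=RECYCLER\\S-1-5-21-0000\\update.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open\\Command=RECYCLER\\S-1-5-21-0000\\update.exe
shell\\explore\\Command=RECYCLER\\S-1-5-21-0000\\update.exe
action=Open folder to view files
"""

if __name__ == "__main__":
    for name, body in (("label only", LABEL_ONLY), ("installer CD", INSTALLER_CD), ("worm style", WORM_STYLE)):
        print(f"{name}: {verdict(body)}")
        for sev, msg in triage(body):
            print(f"  [{sev}] {msg}")
```

Note that an ordinary installer CD is reported as "launches code" rather than clean: that is the point of the article, since AutoRun will run whatever open= names without asking, and the only difference between a vendor disc and a worm-laden MP3 player is what the launch key points at.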

Such has been their success that the U.S. military was forced to try and ban removable storage devices, a task made virtually impossible by the necessities of troops in the field. But the most shocking aspect of the report has to be news that an astronaut on the International Space Station allowed a worm to boldly go where no worm has been before by taking a laptop with an infected USB drive with him on a space mission. Apparently he didn’t have any malware protection on his laptop, which could have prevented the infection; I mean, come on, it’s hardly rocket science is it?

————————————–

Image Credit: Calil Souza

McAfee Spam Report July 2009

Wednesday, July 8th, 2009


John Hillman reads through McAfee’s spam report and discovers that watches are the new Viagra

McAfee’s spam report for July 2009 shows a marked difference between the spam subjects delivered to .com and .uk addresses.

The UK domain addresses continue to receive pharmaceutical spam almost exclusively, with all of the top 15 subjects relating to it, whereas the .com traffic showed a curious tendency towards replica Rolexes.

The .org domain showed a large amount of spam that had been “bounced back” to a forged “From” address, with one subject, “you have received an Greeting eCard” (note the usual poor spelling), pointing to a URL that downloads an executable file and infects the computer.

Based on business and country domains, and taken over one complete day in June, the lists are as follows:

.com

1. Hello
2. Hi
3. RE: DISCOUNT 80% OFF on Pfizer
4. Replica Watches
5. Undelivered Mail Returned to Sender
6. Delivery Status Notification (Failure)
7. Returned mail: see transcript for details
8. Exquisite Replica
9. Aloha
10. Failure notice
11. Hey
12. Cheers
13. Watches
14. Complete registration here
15. Subscribe on daily news?

.co.uk

1. RE: DISCOUNT 80% OFF on Pfizer
2. Salute, man!
3. All songs zipped
4. Photo gallery
5. Court decision
6. Photos of the place
7. Group these photos together
8. New .pdf variant
9. I’m locked in room
10. Can’t call you
11. Corporate meeting
12. Your house switched off
13. What’s with bar?
14. Add this to work
15. Wondering about slow speed?

.org

1. Delivery Status Notification (Delay)
2. Delivery Status Notification (Failure)
3. failure notice
4. Undelivered Mail Returned to Sender
5. Hello
6. Hi
7. Returned mail: see transcript for details
8. RE: DISCOUNT 80% OFF on Pfizer
9. Replica Watches
10. Exquisite Replica
11. Mail delivery failed; returning message to sender
12. Hey
13. Watches
14. Cheers
15. You have received a Greeting eCard

————————————————————

image credit: jurvetson