Contained in e-mails with subject lines such as "sheesh man what are you thinking," the malicious link claims to go to YouTube.com, but actually goes to a URL harboring exploit code.
"This is the first [YouTube] lure that the Storm folks are using but not the first that has used YouTube in the past," said Dan Hubbard, vice president of security research at San Diego-based Websense. "There are a variety of e-mail subjects and bodies but basically they request you to view a video."
Dave Marcus, security research and communications manager at McAfee, based in Santa Clara, Calif., advised people to use caution when clicking on links in e-mails. Clicking on the attachment associated with this particular attack will infect the victim's machine with the Nuwar worm, Marcus said.
"Malware writers continue to use social engineering tactics to infect a user's machine with a copy of Nuwar, this time latching on to the popularity of YouTube to lure people into clicking on the URL," he said. "We expect these spammers to continue to use these types of tactics and it will be imperative that users get educated on how to avoid becoming a victim."
A study released Aug. 27 by Websense found that 12 percent of responding IT managers working for SMBs (small and midsize businesses) had no way to enforce their businesses' Internet usage policies. The report surveyed 450 IT managers and employees within the United States.
The study also found that business-owned computers were left vulnerable to security threats for more than 21 days, on average, despite the daily updates promoted and offered by operating system and anti-virus vendors. Only 4 percent of SMB employees surveyed had daily security updates on their work PCs and 11 percent said the security software on their work PCs had never been updated.
The results are bad news for those concerned about the spread of the Storm Trojan and other malware. According to researchers at McAfee, users who fall for the latest Storm Trojan ruse are directed to a site containing an image that tags back to YouTube's logo.
In the background, an embedded, obfuscated JavaScript routine launches several browser and application exploits to infect the user's machine with a copy of W32/Nuwar. In addition, if a machine is fully patched, the malware author has a backup plan—wording on the Web page meant to entice users into manually downloading the virus.
Hubbard said the overall resources of the attackers, the planning and the resilience built into the infrastructure are why the Storm Trojan remains such an active attack.
"This is clearly planned out," he said.
August 27, 2007
留言列表
