FYI...
MSN Messenger used as lure in malicious SPAM
- http://securitylabs.websense.com/con...erts/3206.aspx
10.14.2008 - "Websense... has discovered a new malicious spam lure that uses the threat of a virus to encourage users to download a malicious Trojan. The email explains that by downloading the application linked within the email, users can protect themselves against a virus that spams messages to a user's contacts. The email offers an update to Live Messenger Plus - this is actually a Trojan (md5: 5F1D2521F6949F8B71B9FF93C17A8BE2). Antivirus detection rate is low... The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction for the user, a dialog box is displayed explaining that the user will be redirected to msn.com.br. A browser then opens pointing to this site... A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against such keyloggers and other malware..."

Hi5 "Add Friend" malicious SPAM
- http://securitylabs.websense.com/con...erts/3205.aspx
10.13.2008 - "Websense... has discovered a new malicious, visual social-engineering spam campaign masquerading as official emails sent by the popular Web 2.0 social-networking site Hi5. The email comes in Spanish language, and is -spoofed- to appear as if it comes from the domain hi5.com, an official domain used by Hi5 for their outbound emails when notifying their users of an event. It is common for Hi5 to send an email to notify their users when another Hi5 user adds them as a friend on the social network. However, the spammers embedded malicious links and a fake friend photograph in order to entice the recipient to click on them, which leads to a download of a Trojan horse (md5: 5f6b089f0048e6510c78bb38a3909b9c). The malicious application aims to steal confidential logins for a popular Mexican bank. A-V detection of this banker Trojan is low... A fake Hi5 friend request is included in the body of the email. We have previously alerted on a similar attack relating to Facebook "add friend" Malicious Spam. This clearly indicates that spammer and malware authors are increasingly targeting Web 2.0 sites to carry out their attacks..."
(Screenshots available at both URLs above.)