Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    February 2012
    S M T W T F S
    « Jan    
     1234
    567891011
    12131415161718
    19202122232425
    26272829  
    • About Us
    Malware Blog > Buon giorno, here’s your staggering bill

    The smoke from the LINKOPTIM attack against the Italian computing population last month has not completely cleared, but already a new worm that uses email messages in Italian is making the rounds. Last weekend, the Incident Response Team at Trend Micro recorded that as much as 82% of all email messages received by their email honey pot were generated by this worm.

    WORM_SPIAG.A sends copies of itself as attachment to email messages that promise photos of the recipient on a beach.
    “In spiaggia”the subject reads. “In the beach.”

    The email message says:

      Bacini! Ti mando le foto che mi hai fatto questa estate. Una =E8 meglio che la cancelli :)

    A free online translator produced this (surely) loose translation:

      River basins! I’m sending you the photos that you have made this summer with me. A =E8 better than it cancels it

    The attachment file name sustains this picture on the beach scam: SPIAGGIAFOTO.ZIP. When a recipient opens this attachment, the worm executes on the system, and the system becomes a launch pad for further propagation.

    “What’s up with this old-fashioned worm?”, one might ask. It does not even try to cover its malicious acts by, say, dropping and opening an image file to further trick the user, the way some malware do. Instead, it proceeds with its payload right away. It dials to premium numbers, possibly to long-distance numbers or pay-per-view sites. Also, as the Incident Response Team documents, this worm accesses a legit social networking Web site for adults, and this raises questions as to the true goal of WORM_SPIAG.A.

    It’s a worm that carries a dialer payload. Wait, that’s not quite right. Along with the major change in the malware threat landscape (from outbreaks to targeted attacks) is an inevitable shift in perspectives. WORM_SPIAG.A is a dialer with propagation capabilities. Now that’s more like it.

    In any case, the affected user ends up being charged for calls or connections that he or she never intentionally made.

    Well, let’s just say that’s the price of being a stubbornly unwise computer user at a time when complex, coordinated, targeted attacks are rampant, a time when user awareness and carefulness are more critical than ever.





    Share this article
    		 Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon



    This entry was posted on Friday, November 3rd, 2006 at 11:33 am and is filed under Uncategorized . Both comments and pings are currently closed.



    Comments are closed.



     

    Other Trend Micro blogs
    CTO Insights
    CounterMeasures Blog
    Cloud Security Blog
    Consumerization Blog
    Fearless Web
    Internet Safety for Kids & Families
    Simply Security News
    Trend Micro Blog [German]
    TrendLabs Security Blog [Japan]
    Cloud Security APAC
    Trend Micro Free Tools Threat Encyclopedia Trend Micro Videos
    Do you have a product-related question? Visit our eSupport website.

    © Copyright 2011 Trend Micro Inc. All rights reserved. Legal Notice