Softpedia
 


December 8th, 2010, 14:11 GMT · By

Fake WikiLeaks Emails Lead to Backdoor


Fake WikiLeaks emails in circulation
Security researchers from Symantec warn that malware distributors are piggybacking on the WikiLeaks news storm in order to spread their malicious programs.

At the beginning of last week, WikiLeaks started publishing leaked U.S. Department of State cables that give a clear insight into the country's foreign relations.

The organization is said to be in possession of over 250,000 diplomatic reports spanning years and originating from 274 U.S. embassies, which it plans to release gradually.

Interest in the information revealed in these cables is so high that cyber criminals couldn’t miss the chance to capitalize on it.

Rogue emails intercepted by Symantec, which purport to come from a wikileaks@wikileaks.org email address, are using explosive news headlines to trick users into clicking on malicious links.

“IRAN Nuclear BOMB!” one such communication is titled. The contained message looks unrelated and reads “OBAMA is an IMPOSTOR!”

This kind of confusing and incomplete message is meant to make recipients curious enough to click on the included link.

If they do that, they get served a malware downloader in the form of an unsigned Java applet. Allowing the applet to run is a very bad idea, because its purpose is to download a worm known as W32.Spyrat.

“W32.Spyrat opens a backdoor using a predetermined port and IP address, allowing an attacker to perform the following actions on the compromised computer: read, write, and execute files; steal stored passwords; issue commands; activate and view a webcam, if present; log keystrokes; create an HTTP proxy to route traffic through the compromised computer,” Symantec researcher Samil Patil explains.

The fact that WikiLeaks has recently lost control over wikileaks.org and is now using over 1,000 backup mirrors hosted on different domains might lend credibility to links distributed in such attacks.

Users should exercise increased caution when faced with links in emails, even when they appear to come from trusted sources. They are also advised to get their news by directly visiting the websites they trust.
