Articles by henric

For the past week a massive attack has infected PCs by tricking users into clicking links in fake messages from CNN.com. The attack has shown little sign of ending soon. The links in the spam mails go to sites which tell you to download the Adobe Flash player to watch a movie. What actually happens when you run this file is that a trojan is installed on your computer. The trojan adds your computer to a worldwide Botnet.

The email itself looks like a completely normal message from CNN.com and some of the links in the email also go to CNN. Right now there is a similar attack in progress, although this time MSNBC.com (NBC’s and MSN’s news site) is used to mask the attack. Spam has flowed in since around 11am on Tuesday. The sites, which the spam messages link to, are most likely hijacked ones and the site owners are probably not yet aware that their sites contain malicious code.

Firefox and Internet Explorer 7 now include filters to block sites like these. However, it normally takes several days before a hijacked site has been reported to these filters. Until then, no warning will be displayed when surfing to these sites.

As we reported yesterday we now see a lot of spam messages with subject lines related to current events. Many of these spam messages contain links to sites that installs a trojan which makes your computer to a spam sending monster. The blog I got Spam? reports that the sites (for example a bogus Porntube which is the adult version of Youtube) is hosted on a number of hacked servers. When someone clicks on the link a pop-up is displayed, telling the user to install an Active-X control which installs the trojan that welcomes you to the Storm Worm botnet. This weekend this botnet was responsible for sending over 8 million spam messages in 24 hours.

F-secure also reports about these spam messages on their blog.

The fact that spammers are trying to take advantage of our curiosity to get us to read their incredible offerings is perhaps nothing new. But recently, we have noted that spammers use gossip to get the recepient interested. The contents of the spam is approximately the same as usual. Some text and a link to a site that sells Viagra, sex toys, watches or other items. In the subject line, however, there is something that attract our curiosity. For example, that Britney is involved in a new scandal, or that oil prices are on the way down. Britney and the American presidential candidates are by the way quite popular as the subject of this type of spam. They all have in common that they all usually relates to a current event.

Some examples:
Oil prices starting to DROP
Obama endorses herbal supplements
Tim Russert’s six scandal exposed at funeral
Nokia unveils revolutionary new phone design
Britney found hanged in locker room
Britney lingerie shoot
Britney in drug scandal in saint tropez
Portugal regrets not bringing herbal supplements

Spammers hope that we are more interested in the Britneys latest adventure than how their own fantastic products can help us.

CBC News reports that the Quebec provincial police have dismantled a computer hacking network that targeted unprotected personal computers around the world. These so called botnets are commonly used to perform hacking attacks against other computers and servers. Botnets are also widely used as senders of millions and millions of spam messages. So will this arrest decrease the spam traffic? Read the rest of this entry »

The problem with VAT number validation for French VAT numbers are now fixed. All valid French VAT numbers should now be validated correctly.

Due to problems with the statistics engine during Wednesday 23/1 and Thursday 24/2, the statistics in report messages of Thursday is summarized incorrectly for some of our members. We apologize for any inconvenience and the problem should be solved in the reports of Friday.