Spam Pushes Malware Disguised As Screensavers

March 9, 2008 – 6:54 PM

Sunbelt Software is reporting a wave of spam pushing a new variant of backdoor trojan malware.

The spams they show all advertise “3D BeST Screensaver” or “3D Flsh screen$aver” or something like that; “Download for free” and a link. The pages to which the links take you are well-executed and look professional.

As of their initial analysis, the malware was very poorly detected by popular antivirus programs. Only 7 of the 32 programs in their VirusTotal scan detected anything (follow Sunbelt’s links for more details). This will surely have improved by the time you read this, as all those companies have samples.

The site on which the malware is hosted is a strange one. It sells war memorabilia for the US Civil War, the World Wars and “Indian Wars” (as in India, not the American west). The company which owns the site is located in Pakistan. Sunbelt Software says the malware pages seem to be installed through a compromise, but there’s no real effort to hide them.

Full Story…

  1. One Response to “Spam Pushes Malware Disguised As Screensavers”

  2. It all falls back to TRAIN YOUR USERS. Teach them about the basics of security and some of this will be eliminated.

    Troy

    By manunkind on Mar 9, 2008

You must be logged in to post a comment.