The smartly crafted mail is a good specimen of clever Social Engineering adopted by present day malware authors. It goes as follows;
Our robot has fixed an abnormal activity from your IP address on sending e-mails. Probably it is connected with the last epidemic of a Worm which does not have patches at the moment. We recommend you to install a firewall module and it will stop e-mail sending. Otherwise your account will be blocked until you do not eliminate malfunction.
Customer support center robot.
“Some recipients will definitely be stupefied by the ‘System Generated’ appearance of the mail,” says Govind Rammurthy, CEO of MicroWorld Technologies. “Their deluded reflex would tell them that it’s originating from a machine and not created by a human being, which would benumb their ability to smell the rat. That is the very moment the malware writer was hoping for, to slip his malicious file into the victim’s computer”.
The Warazov worm - also known as Stration - is an exe file that appears as a legitimate Windows patch. This variant is a Trojan downloader which brings in malicious files into the compromised computer by contacting various websites via HTTP. Coming with its own SMTP engine, it harvests email addresses from the victim’s address book and sends its copy to all those user ids.
“The Warezov family has been a permanent fixture at most Top Ten Virus charts for six months in a row now. The malware creator’s strategy is to release countless variants of the worm with slight modifications in code to confuse AntiVirus engines. We combat this menace by incorporating an advanced Intentional and Behavioral analysis that nails down the worm, what ever may its attire be,” says Govind Rammurthy.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.