Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

Spam Spoofs FTC E-Mail To Distribute Keylogger
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 30 Oct 2007 02:20:24 -0600 (CST)
http://www.informationweek.com/news/showArticle.jhtml?articleID=202603073

By Thomas Claburn
InformationWeek
October 29, 2007 06:00 PM

The Federal Trade Commission, which regularly goes after spammers for 
violating the law, Monday warned that a spammer is sending out bogus 
e-mail messages that purport to come from the FTC.

The FTC said that the fraudulent e-mail makes reference to an FTC 
complaint supposedly filed against the message's recipient. The message 
includes links and an attachment that download a virus.

"Simply opening the e-mail does not appear to cause harm," said the FTC. 
"However, it is likely that anyone who has opened the e-mail's 
attachment or clicked on the links has downloaded the virus on their 
computer, and should run an anti-virus program. The virus appears to 
install a 'key logger' that could potentially grab passwords and account 
numbers."

The apparent originating e-mail address, frauddep () ftc gov, is 
fraudulent, according to the FTC, as is the information in the messages 
return-path and reply-to fields. "While the e-mail includes the FTC 
seal, it has grammatical errors, misspellings, and incorrect syntax," 
the FTC said.

The FTC has asked recipients of such messages to forward them to 
spam () uce gov and then to delete them.

Last week, SophosLabs said that the United States relayed 28.4% of the 
world's spam, more than fives times more than the number two relaying 
country, South Korea (5.2%). "Relaying" in this context refers to 
computers, "zombies" typically, that send spam at the behest of a remote 
spammer, who may or may not be in the same country.

"The problem is there are thousands of spammers using many thousands of 
compromised zombie computers in the US," said Carole Theriault, senior 
security consultant at Sophos, in a statement. "The only way we're going 
to reduce the problem is if US authorities invest a lot more in 
educating computer users of the dangers, while ensuring ISPs step up 
their monitoring efforts to identify these compromised machines as early 
as possible."


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com

  By Date           By Thread  

Current thread:
  • Spam Spoofs FTC E-Mail To Distribute Keylogger InfoSec News (Oct 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]