
Malicious greeting card campaign

Aladdin Knowledge Systems : 06 July, 2007  (Technical Article)
The latest delivery mechanism for Trojans comes in the form of unsolicited greeting cards that purport to come from "a friend".

Since June 28, 2007, the world has been bombarded with floods of 'greeting cards' that, unfortunately, do not wish anyone well. Greeting cards with malicious intent have been used time and time again in the past to attack by exploiting technology, human nature and curiosity. The current wave of greeting-card attacks is similar in methodology to the old-fashioned attacks, but is finely tuned and crafted to use modern technologies, vulnerabilities, and what we at eSafe call the attack vector.

The attack vector is the entire path of stages from the initiation of the attack to a successful infection. For example: an email is received with a link to a website; the website contains vulnerability exploits, which automatically run some code; that code in turn automatically downloads a 'payload' of malicious code, which infects the PC. The cycle is completed when the infected PC performs the malicious or unwanted activity. As we can see, the attacks consist of multiple stages. In the case of the current greeting-card attack, the vector is:

1. An email is received which claims that an electronic greeting card is waiting on a certain website.

2. The website contains an exploit which will attempt to automatically execute code.

3. The executed code will try to download a Trojan horse.

4. If the code on the website fails to run automatically on the visitor's PC, the visitor will be kindly asked to manually download the 'greeting card', which is actually the same Trojan horse.

5. Upon a successful run, the Trojan will use smart methods to send similar emails and turn the infected PC into a web server, so that innocent victims access it like a regular website and get infected.
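
Stages 2 to 4 can be looked for in web proxy logs as a page visit followed shortly by an executable download by the same client. The following detection sketch is an added example, not code from the article or from eSafe; the log format, the host names, the 120-second window and the assumption that the executable is served by the same host as the page are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed proxy log lines: ISO time, client IP, host, path, content type.
SAMPLE_LOG = """\
2007-07-02T09:14:03 10.0.0.21 cards.example /view?id=81 text/html
2007-07-02T09:14:09 10.0.0.21 cards.example /ecard.exe application/octet-stream
2007-07-02T09:20:00 10.0.0.35 intranet.example /index.html text/html
2007-07-02T09:31:40 10.0.0.35 updates.example /patch.exe application/octet-stream
2007-07-02T10:02:11 10.0.0.44 cards.example /view?id=97 text/html
2007-07-02T10:09:30 10.0.0.44 cards.example /ecard.exe application/octet-stream
"""

EXECUTABLE_TYPES = {"application/octet-stream", "application/x-msdownload"}


def parse(line):
    """Split one log line into (time, client, host, path, content type)."""
    ts, client, host, path, ctype = line.split()
    return datetime.fromisoformat(ts), client, host, path, ctype


def is_executable(path, ctype):
    """Treat a response as a binary by content type or file extension."""
    return ctype in EXECUTABLE_TYPES or path.lower().endswith((".exe", ".scr"))


def find_page_then_binary(log_text, window_seconds=120):
    """Return (client, host, path) for each executable fetched from a host
    within the window after the same client loaded an HTML page there."""
    window = timedelta(seconds=window_seconds)
    last_page = {}  # (client, host) -> time of the most recent HTML page load
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path, ctype = parse(line)
        key = (client, host)
        if is_executable(path, ctype):
            seen = last_page.get(key)
            if seen is not None and ts - seen <= window:
                hits.append((client, host, path))
        elif ctype == "text/html":
            last_page[key] = ts
    return hits


if __name__ == "__main__":
    for client, host, path in find_page_then_binary(SAMPLE_LOG):
        print(f"{client} fetched {path} from {host} shortly after a page visit")
```

A hit does not distinguish the automatic download in stage 3 from the manual one in stage 4; both leave the same page-then-binary pattern and both warrant a look at the client.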

In the past, similar attacks commonly included the 'greeting card' Trojan as an email attachment, or just as a link to the downloaded Trojan. This recent attack takes into account that direct email attacks are less effective than in the past, and takes advantage of the fact that many users are very vulnerable on the web.

eSafe has always been a unique content security solution which takes into consideration the fact that modern attack vectors are multi-stage. This is the reason that eSafe, unlike other products, blocked these attacks at zero-hour! eSafe blocked the vulnerability and the malicious script on the infected websites, as well as the downloaded Trojan. But keep in mind that if you block an early element of the attack vector, in this case the exploit and script, you never even reach the stage where you have to block the Trojan payload.

The greeting card emails are plain text messages that do not themselves contain any malicious code, and the links are very random. It is difficult to block all of them without also blocking some legitimate emails; some might even be real greeting cards. Most of those 'greeting cards' are blocked by eSafe as spam since they are distributed in very large volumes. The ones that do slip through can simply be ignored and deleted. If someone mistakenly does click on a link, even if they do get to an infected site, any malicious content will be blocked - 100%.
