Strain of Mytob Worm Goes Phishing
09 Aug 07:49

MessageLabs is warning computer users to be on their guard against a new email using mass-mail social engineering techniques to dupe users into clicking on a malicious URL, which will open up PCs to unauthorised access.

The emails are very similar to those generated by strains of the Mytob family of worms that have been spreading in the wild, particularly the W32/Mytob.DA variant.

The malware utilises sophisticated social engineering techniques, spoofing the sender's address to replicate the recipient's domain. The email purports to be from the security administrator of the recipient's organisation and asks the user to follow the URL to confirm their email account in order to prevent it from being suspended. The web link they are directed to is also spoofed to appear to connect to the target company's website.

If activated, the web link in the email message will download a file named 'ConfirmSheet.com', which will enable infected machines to be remotely controlled.

Email characteristics:

Subject lines:
IMPORTANT Please Confirm Your Account
IMPORTANT Please Validate Your Account
Account Alert
Important Notification
Notice of account limitation
Notice: Last Warning
Security measures

(The subject may also be blank or contain a series of random characters.)

Body Text:

Dear Valued Member,

According to our terms of services, you will have to confirm your e-mail by the following link or your account will be suspended within 24 hours for security reasons.

http://www./confirm.php?email

Thank you for your attention to this request. We apologize for any inconvenience.

Sincerely, Security Department

Detection

MessageLabs detected this malware proactively, using its unique and patented Skeptic predictive heuristics technology.
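As an added illustration (not MessageLabs' Skeptic technology and not part of the original article), the following Python checks an inbound message for the traits listed under "Email characteristics": a sender domain copied from the recipient, a listed subject line, and a confirm.php link that names the recipient's domain. The domain example.com, the function names and the three-indicator threshold are assumptions made for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject lines from the advisory, normalised to lowercase letters and spaces.
LISTED_SUBJECTS = {
    "important please confirm your account", "important please validate your account",
    "account alert", "important notification", "notice of account limitation",
    "notice last warning", "security measures",
}
# Captures the host of any link whose final path element is confirm.php plus a query.
LINK_RE = re.compile(r"https?://([^/\s?#]+)(?:/[^\s?#]*)?/confirm\.php\?\S", re.I)
# Constructed sample message; example.com is a placeholder, not a value from the advisory.
SAMPLE = (
    "From: admin@example.com\nTo: alice@example.com\n"
    "Subject: IMPORTANT Please Confirm Your Account\n\n"
    "Dear Valued Member,\nhttp://www.example.com/confirm.php?email=alice@example.com\n"
)

def _norm(text):
    return " ".join(re.sub(r"[^a-z ]", " ", text.lower()).split())

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _body(msg):
    chunks = []
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def indicators(raw_message):
    """Return the set of advisory traits present in one inbound message."""
    msg = message_from_string(raw_message)
    found, rcpt = set(), _domain(msg.get("To"))
    if rcpt and _domain(msg.get("From")) == rcpt:
        found.add("sender_domain_matches_recipient")
    if _norm(msg.get("Subject", "")) in LISTED_SUBJECTS:
        found.add("listed_subject")
    for match in LINK_RE.finditer(_body(msg)):
        found.add("confirm_link")
        host = match.group(1).rpartition("@")[2].partition(":")[0].lower()
        if rcpt and (host == rcpt or host.endswith("." + rcpt)):
            found.add("link_names_recipient_domain")
    return found

def is_suspect(raw_message, threshold=3):
    # Assumed threshold: one trait alone (e.g. same-domain sender) is common in normal mail.
    return len(indicators(raw_message)) >= threshold
```

Because the advisory notes that the subject may also be blank or random, the subject check is only one signal among several and should not be required on its own.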

Related links: www.messagelabs.com/intelligence
