Network News

X My Profile
View More Activity

Newsflash: Local Man Launches Virus Epidemic

Malware authors are beginning to personalize virus attacks sent through e-mail, blasting out fake news alerts about shocking events that supposedly happened in or around the recipient's home town.

This latest innovation comes compliments of the Waledac worm, widely seen as the successor to the Storm worm, a wily virus that used a seemingly bottomless bag of new tricks to fool people into clicking on links that launch the worm into action.

On Monday, security firm Trend Micro began warning people to look out for bogus "Reuters breaking news" e-mails warning of explosion or other various calamities that have supposedly broken out in a city near you. The message content pulls data from so-called "geo-location" services that can use the recipient's Internet address to make a semi-accurate guess of their nearest town.

For example, a user who lives in Fairfax, Va., might see this subject line in a missive sent by Waledac: "Powerful explosion burst in Fairfax this morning." The message authors also append a Wikipedia link and a Google search link at the bottom to add to the fake alert's legitimacy.

Trend and other security firms first spotted this localization technique used by another Waledac variant last month, which used e-mails claiming to help recipients weather the financial crisis by linking to fake coupons for retail stores in the recipient's area.

By Brian Krebs  |  March 17, 2009; 10:00 AM ET
Categories:  Fraud , Latest Warnings , Safety Tips  | Tags: local news, marshal, waledac, worm  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Massive Profits Fueling Rogue Antivirus Market
Next: Antivirus2009 Holds Victim's Documents for Ransom

Comments

BK, I'm teaching a class for fewer than ten people about the Internet, and will be covering the topic of staying safe online. Would you mind if I printed out several of your blog posts and distributed them during the class? I would also tell the students how to access your blog on their home computers. Thanks.

Posted by: Heron | March 17, 2009 6:34 PM | Report abuse

Equally as disturbing for Firefox 3 users are the several times each hour where the computer 'freezes' while it seems the hard drive is 'going to town.' When you bring up the task bar, nothing is indicated as being 'active' except Firefox.

SOLUTION

Regarding Firefox 3, if you are tired of your computer 'freezing' several times an hour as possibly RSS [or whatever] feeds seize control of the computer, google 'firefox - turn off RSS feeds' and CNET has a solution to turn of URLs, which are apparently grabbing the 'history' from the browser FREQUENTLY.

FOLLOW THE INSTRUCTIONS.

Posted by: brucerealtor@gmail.com | March 18, 2009 4:27 AM | Report abuse

@heron - pls. send me a message at brian dot krebs at washington post dot com

tx

Posted by: BTKrebs | March 18, 2009 9:32 AM | Report abuse

BK: I just sent you an e-mail message. Thanks.

Posted by: Heron | March 18, 2009 12:46 PM | Report abuse

ThomasWhitney, the Post's comment feature isn't always refreshing the page and displaying newly submitted comments. If you refresh the page after that (or hit the F5 key on your keyboard), though, your comment will appear without being duplicated.

After letting another Post writer know about this via e-mail, she put me in touch with one of the Post's website department's staffers. She e-mailed me to say she and her colleagues are aware of the problem, and they're hoping a software update that's in the works will fix this.

Posted by: Heron | March 19, 2009 6:04 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company