Spam campaign surfs Web on your behalf

The spam campaign uses real news headlines to lure victims into clicking on a malicious link that downloads a Trojan and gives control of the PC and uncontrollable Web access to the spammer, experts have warned.

“They’re using agents and make it look like you’re doing it. Your machine acts like a proxy server, so the controller can perform an illegal act on a Website and it would appear from your PC,” said Adam Biviano, premium services manager from Trend Micro, A/NZ.

“This malware is particularly scary. It is somebody sitting down and spending time looking for local and topical headlines making it a local and active threat,” said Biviano.

This latest campaign has spammers stuffing inboxes with various headlines including: “Law hits Las Vegas ‘fake’ bands”, “Man Awakens From 19-Year Coma”, “Re: U.S. violent crime up again, more murders, robberies”, according to Trend Micro’s security blog.

Furthermore, the body of the email contains the headlines; “Decade Of Mystery: John Ramsey Speaks”, “Man wakes from 19-year coma in”, “Poland US vows to pursue hunt for missing soldiers”, “Password for submitted attachment is xxx” which lead to the malicious Trojan.

The Spam purports to come from various news organisations including BBC, CBS, ABC and Yahoo, according to Trend Micro.

However, SANS Internet Storm Center reported that the source is in fact coming from numerous broadband IPs on several continents.

It [spam] seems to come in different waves, one day you’ll click on a special deal and the other day you’ll click on current affairs, said Biviano.