Valentine’s Day – Heart Healer or Password Stealer?
More worries on the way for the unwary according to Symantec Hosted Services blogger as only five out of 41 scanners detect romance-themed malware
(EMAILWIRE.COM, February 12, 2010 ) Press Release Distribution Service - http://www.emailwire.com/us-press-release-distribution.php
Hong Kong - Animated heart-shaped cards aimed at healing restless hearts are common during the Valentine season. However, according to the latest blog post by Bhaskar Krishnappa, Malware Analyst, Symantec Hosted Services, hidden malware is exploiting this holiday, causing pain to both users and security vendors alike.
Krishnappa describes one attack that, when analysed, was found to contain a component called ScriptCryptor (http://www.abyssmedia.com/scriptcryptor/). Despite the fact that the ScriptCryptor tool is designed to build legitimate applications, it being misused by malware authors to construct executable files using social engineering themes such as “For u, girls)))”
“It is quite handy for people aware of minimal scripting, Java or VBs knowledge. Additionally, more authors can add their arbitrary resource icon and the version information to the executable file,” he says.
The main feature of this tool is the original script that is used to generate a Delphi executable.
“It is internally encrypted using a blowfish algorithm. Most of the AV scanners that scan this file think that the file is a non-encrypted Delphi executable and trigger their signatures or generic heuristics written for the Delphi executable and declare the file as clean. But, this is a password stealer which then steals stored passwords from web-browsers,” said Krishnappa.
Krishnappa offers a chilling warning. “At the time of analysis, only five scanners out of 41 were detecting this sample.”
With Valentine-themed spam creeping towards 10% of all spam – or 10-20 billion bogus messages per day worldwide according to best estimates – this romantic celebration is likely to be a heartbreaker for many people.
However, not for customers of Symantec Hosted Services, which is already intercepting the suspect messages as part of its standard service level agreement that guarantees to detect and stop 100 per cent of all known and unknown viruses.
Bhaskar Krishnappa’s complete blog post can be found at https://www-secure.symantec.com/connect/blogs/valentine-heart-healer-or-password-stealer.
Issued by EBA Communications
For more information, please contact:
Brian Paterson brian.paterson@ebacomms.com +852 2122 976
###
----------------------- ------------------------------------------------------------
This press release is distributed by EmailWire.Com Press Release Distribution Service.
For more information on unlimited press release distribution services for $99/month,
go to http://www.emailwire.com/publications/unlimited_press_release_distribution.php
------------------------------------------------------------------------------------
Hong Kong - Animated heart-shaped cards aimed at healing restless hearts are common during the Valentine season. However, according to the latest blog post by Bhaskar Krishnappa, Malware Analyst, Symantec Hosted Services, hidden malware is exploiting this holiday, causing pain to both users and security vendors alike.
Krishnappa describes one attack that, when analysed, was found to contain a component called ScriptCryptor (http://www.abyssmedia.com/scriptcryptor/). Despite the fact that the ScriptCryptor tool is designed to build legitimate applications, it being misused by malware authors to construct executable files using social engineering themes such as “For u, girls)))”
“It is quite handy for people aware of minimal scripting, Java or VBs knowledge. Additionally, more authors can add their arbitrary resource icon and the version information to the executable file,” he says.
The main feature of this tool is the original script that is used to generate a Delphi executable.
“It is internally encrypted using a blowfish algorithm. Most of the AV scanners that scan this file think that the file is a non-encrypted Delphi executable and trigger their signatures or generic heuristics written for the Delphi executable and declare the file as clean. But, this is a password stealer which then steals stored passwords from web-browsers,” said Krishnappa.
Krishnappa offers a chilling warning. “At the time of analysis, only five scanners out of 41 were detecting this sample.”
With Valentine-themed spam creeping towards 10% of all spam – or 10-20 billion bogus messages per day worldwide according to best estimates – this romantic celebration is likely to be a heartbreaker for many people.
However, not for customers of Symantec Hosted Services, which is already intercepting the suspect messages as part of its standard service level agreement that guarantees to detect and stop 100 per cent of all known and unknown viruses.
Bhaskar Krishnappa’s complete blog post can be found at https://www-secure.symantec.com/connect/blogs/valentine-heart-healer-or-password-stealer.
Issued by EBA Communications
For more information, please contact:
Brian Paterson brian.paterson@ebacomms.com +852 2122 976
###
----------------------- ------------------------------------------------------------
This press release is distributed by EmailWire.Com Press Release Distribution Service.
For more information on unlimited press release distribution services for $99/month,
go to http://www.emailwire.com/publications/unlimited_press_release_distribution.php
------------------------------------------------------------------------------------
Contact Information:
Symantec Corp.
Brian Paterson
Tel: +852 2122 976
Email us
This is a press release. Press release distribution and press release services by EmailWire.Com: http://www.emailwire.com/us-press-release-distribution.php.
Symantec Corp.
Brian Paterson
Tel: +852 2122 976
Email us
This is a press release. Press release distribution and press release services by EmailWire.Com: http://www.emailwire.com/us-press-release-distribution.php.
|
Private Equity, Angel Investing
Equity Alliance / Private Equity, Angel Investing, / IPO, Venture Capital & IR services / Equity Alliance International Equityallianceir.com Penny Stocks to Watch Sign up for hot penny stock picks Gains of 500%+ possible! Premiumstockpicks.com/landing/ Satellite TV for PC Watch Streaming Tv Right on Your PC Satellitetelevisionforpc.com Your text Ads & PR Text Ads plus unlimited press releases, One release featured/Day for only $575 per month. Read more on Text Ads & PR Your text Ads Here! Text Ads are only $289 per month. Ads are placed same day. More on Text Ads Advertising |