On a daily basis, online spammers and hackers are hard at work conjuring up crafty ways to compromise unsuspecting PC users. E-mail inboxes and social networking sites are two popular attack targets. This article looks at a selection of nefarious Internet activity that has made recent headlines, including geolocation and URL shortening e-mail attacks, along with emerging threats plaguing sites like Twitter. In each case discussed below, you will notice that the techniques used by scammers are actually simple by design, but are quite effective and can often have damaging effects.
Geolocation
In recent months, a malware variant known as Waledac has resurfaced. Believed to be a reincarnation of the infamous Storm Worm, the Waledac worm is embedded in an e-mail attachment and spreads using the infected computer's e-mailing networks. Waledac has generated several spam campaigns in 2009 - a number of which have featured a technique called geolocation.
Geolocation, also known as IP geolocation, is relatively simple. When in action, it looks at the IP address of a person visiting a Web page and cross-references that IP address against a database that tells it exactly where the IP address is assigned. The result is a Web page that appears to be customized for you. This is similar to the frequently seen banner ads promoting dating sites, such as “Hot Singles in Kalamazoo are waiting for you,” or something along those lines where “Kalamazoo” would obviously be your city of residence. By utilizing a visitor's IP address when they arrive at Waledac's target sites, the information can be customized to appear to be local to the visitor.
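The following is an added example, not code from the original article: a defender-side check that uses the lookup described above to spot geo-templated pages by comparing captures of one URL as served to different visitor IPs. The geolocation table, IP ranges, captures and function names are constructed for illustration, and single-word city names are assumed.

```python
import ipaddress
import string

# Constructed geolocation table: documentation IP ranges, illustrative cities.
GEO_DB = {
    "192.0.2.0/24": "Kalamazoo",
    "198.51.100.0/24": "Portland",
    "203.0.113.0/25": "Austin",
    "203.0.113.0/24": "Dallas",
}
# Most specific prefix first, so the first match is the longest-prefix match.
_NETS = sorted(((ipaddress.ip_network(cidr), city) for cidr, city in GEO_DB.items()),
               key=lambda pair: pair[0].prefixlen, reverse=True)

def geolocate(ip):
    """Cross-reference an IP address against the table; None if unassigned."""
    addr = ipaddress.ip_address(ip)
    for net, city in _NETS:
        if addr in net:
            return city
    return None

def geo_templated_slots(captures):
    """captures maps visitor IP -> text of the same URL as served to that IP.

    Returns the word positions whose content differs between visitors and,
    for every visitor, equals the city that visitor's IP geolocates to.
    """
    ips = list(captures)
    words = [captures[ip].split() for ip in ips]
    if len(ips) < 2 or len({len(w) for w in words}) != 1:
        return []  # needs two or more captures with the same word layout
    slots = []
    for pos, column in enumerate(zip(*words)):
        cleaned = [w.strip(string.punctuation) for w in column]
        if len(set(cleaned)) == 1:
            continue  # identical for every visitor: not personalised
        if all(geolocate(ip) == w for ip, w in zip(ips, cleaned)):
            slots.append(pos)
    return slots

# Constructed captures of one banner, fetched from three vantage points.
CAPTURES = {
    "192.0.2.10": "Hot Singles in Kalamazoo are waiting for you",
    "198.51.100.7": "Hot Singles in Portland are waiting for you",
    "203.0.113.5": "Hot Singles in Austin are waiting for you",
}

if __name__ == "__main__":
    print("geo-templated word positions:", geo_templated_slots(CAPTURES))
```

A non-empty result means the "local" detail is derived from the source IP alone, which is the signal that separates a templated lure from genuinely local content.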
However, Waledac attacks do not usually wait for the user to download the malicious executable on his or her own. Oftentimes, a hidden iframe on the landing page will begin the download without the need to click any of the links. These domains are always on the same fast flux type of networks that this group has
www.insecuremag.com 34