Malicious software plays on legal fears

  • Question

  • Hackers are trying to play on business' fear of legal action from customers to trick them into downloading a harmful program distributed through e-mail.

    The e-mails purport to come from the Better Business Bureau, an organization that monitors and arbitrates disputes between consumers and businesses in the U.S. and Canada. The e-mails assert that a customer lodged a complaint against the recipient's business, according to a warning on the Web site of Websense, a security vendor.

    The e-mails contain a Microsoft Word attachment with the text of the supposed complaint and instructions for how to respond. But embedded in that document is a keylogging program that captures data on the victim's computer and then uploads it to a server in Malaysia.

    The keylogger is purposely mislabeled with a ".pdf" extension -- Portable Document Format -- another widely used document format, to make it look harmless, said Henry Gonzalez, Websense's senior security researcher.

    The trick is another variation of so-called "social engineering" methods used by hackers, which entice users to unknowingly install harmful programs on their computers.

    A Better Business Bureau branch warned of a similar kind of attack in February. At that time, the e-mails contained hyperlinks to malicious Web sites. Some kinds of malicious software can be installed on a user's computer merely by viewing a site engineered to exploit a vulnerability within a Web browser.

    The latest attack, using the Word document as the delivery vehicle for the malicious software, is a tactic hackers are increasingly employing.

    Saturday, May 26, 2007 7:23 PM
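
The post above describes an executable labeled with a ".pdf" extension. As an added example (not part of the original post or of Websense's analysis), this is one way a mail gateway or analyst could compare a file's claimed extension with its leading bytes. The extension table, function names and sample bytes are assumptions constructed for illustration, and the check assumes the embedded object has already been extracted from the Word document.

```python
import struct
from pathlib import PurePosixPath

# Extension -> content kinds acceptable for it (assumed policy table, not exhaustive).
EXPECTED = {
    ".pdf": {"pdf"},
    ".doc": {"ole"},
    ".docx": {"zip"},
    ".exe": {"pe"},
}

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        # DOS header field e_lfanew (offset 0x3C) points at the "PE\0\0" signature.
        (off,) = struct.unpack_from("<I", data, 0x3C)
        if data[off:off + 4] == b"PE\x00\x00":
            return "pe"
    if b"%PDF-" in data[:1024]:      # readers tolerate junk before the header
        return "pdf"
    if data[:8] == bytes.fromhex("D0CF11E0A1B11AE1"):
        return "ole"                 # legacy Word/Excel compound file
    if data[:4] == b"PK\x03\x04":
        return "zip"                 # OOXML (.docx) container
    return "unknown"

def check_attachment(name: str, data: bytes) -> tuple[str, str]:
    """Return (verdict, detail); verdict is 'ok', 'mismatch' or 'unknown'."""
    ext = PurePosixPath(name.lower()).suffix
    kind = sniff(data)
    allowed = EXPECTED.get(ext)
    if allowed is None or kind == "unknown":
        return "unknown", f"{name}: extension {ext!r}, content {kind}"
    if kind in allowed:
        return "ok", f"{name}: content matches {ext}"
    return "mismatch", f"{name}: named {ext} but content is {kind}"

# Constructed samples: a minimal MZ/PE header stub and a PDF header, not real files.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 16
FAKE_PDF = b"%PDF-1.4\n%constructed sample\n"

if __name__ == "__main__":
    for fname, blob in [("complaint.pdf", FAKE_PE), ("invoice.pdf", FAKE_PDF)]:
        print(check_attachment(fname, blob))
```

A "mismatch" verdict is a reason to quarantine the item for analysis; an "unknown" verdict means the check has no opinion, not that the file is safe.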

All replies

  • Nice info.
    Sunday, May 27, 2007 12:59 AM
  • Thanks for the info. Will the antivirus and antispyware programs not detect this malicious code?
    Sunday, May 27, 2007 5:24 AM