Monday March 22, 2010 10:14 AM AEST

SC Magazine Australia/NZ > News > Messaging > Email Security > Screensaver spam is new malware from old gang: Sunbelt

Vulnerability Alerts

SANS

Microsoft

MS10-016 - Important: Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561) - Version:1.1
MS10-015 - Important: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) - Version:1.2

CERT/CC

Latest Comments

"Well, i have had emails sent to me containing update your fb password etc etc my norton picks ..."

on Facebook user profiles hacked, Wall feature relaying spam

by deb | Mar 22, 2010 8:47 AM

"plz i want repair 8GB DataTraveler 1"

on Flaw could allow attacker to decrypt protected USB drives

by haydarsat | Mar 21, 2010 8:53 PM

"I would never have written a comment except... spot on Ash... I kind of wondered whether the ..."

on Internet censorship not a vote-changer

by tashi k | Mar 20, 2010 11:12 PM

"im not receiving my emails can send but cant receive.was fine last night this morning not working"

on Hotmail log-in problems cause user panic

by r reid | Mar 19, 2010 2:24 AM

"hmm... the article sounds very good but isn't his last point spamcop? don't we already have ..."

on Wardriving cop warns of hackers in waiting

by anon | Mar 18, 2010 2:35 PM

Email Security

Screensaver spam is new malware from old gang: Sunbelt

A new wave of "3D screensaver" spam is directing recipients to a malware site from a notorious malware gang that had ceased activity in January after their site was attack by a rival group of cybercriminals, researchers at Sunbelt reported.

A new wave of “3D screensaver” spam is directing recipients to a new malware site from a notorious malware gang that had ceased activity in January after their site was attack by a rival group of cybercriminals, researchers at Sunbelt reported Monday.

According to the Sunbelt malware research team, the screensaver spam is pointing to a site put up by Loads.cc website, indicating that the gang, said to be responsible for distribution and installation of numerous spambots, keyloggers, DDoS bots, adware and rootkits, is back in business.

The group behind Loads.cc, believed to be based in Russia, shut down their original domain address in January after suffering suffered a DDoS attack from a rival malware gang utilising a Barracuda botnet, the Sunbelt team said.

After one of the infected screensavers is installed by the recipient, malware activates an HTTP GET request for a PHP script (manda.php), which may return a URL of additional malware for the bot to retrieve and install.

See original article on scmagazineus.com

Secure Computing Magazine

Ads by Google

Thoughts on this article? Add a comment below.

Be the first to comment on this article.

Report this comment as offensive:

* Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.

Name:

Email:

(will not be displayed)

Comment:

(HTML not permitted)

Validation

Enter the code you see below:

Most Read
Most Discussed
Latest News

Messaging Whitepapers

Screensaver spam is new malware from old gang: Sunbelt

Sponsored Links

SC MAGAZINE SITEMAP

CATEGORIES

News

Alerts

Products

Stats

Blogs

Photo Galleries

Whitepapers

Events

Jobs

Downloads

Vulnerabilities & Exploits

Breaches & Exposures

Messaging

Mobile

Access Control

Biometrics & Forensics

Legal

Risk Management

Job Centre

Patch Management