The e-mails are titled “msnbc.com - BREAKING NEWS” followed by headlines ranging from “Elizabeth Taylor found murdered at home” to “McCain gives up fighting for presidency.” are being sent out at an alarming rate and consumers are urged to delete any suspect emails and not to click on any links in the bogus email.

The spam unleashed Wednesday follows a massive campaign last week in which spammers impersonated CNN.com. That campaign saw 250 million spam messages sent in one intense 24 hour period, according to spam-fighting firm MX Logic Inc. Those e-mails appeared to include links to CNN’s top 10 stories, but Internet users who were tricked into clicking on those links were sent instead to Web sites overseas that were booby-trapped with malicious software.

The attack is launched in a phishing email spam from designed to look like it’s originated from CNN. Called “The Daily Top 10″ which comprises some of the top stories featured at CNN, the email attempts to lure victims to click on a link and visit a spoofed site where they will see something like below :

The phishing email also contains a footer section that appears to be legitimately from CNN, complete with unsubscribe links :

If you do click one of the links you’ll get an innocuous-looking CNN-branded video player and an error message with a notice “Video ActiveX Object Error. Your browser cannot play this video file.” The message then prompts you to install an ActiveX Object… which, of course, is actually a Trojan horse. You can read more about the specific threat here. (Essentially it opens a door to allow for even more malware to be installed.)


If you get one of these emails, DO NOT click on the links and under no circumstances should you allow the site to install the ActiveX component.

Firefox users are not affected by this exploit.

The Federal Trade Commission today told the Senate Committee on Commerce, Science, and Transportation that “legislation authorizing the Commission to seek civil penalties in spyware cases could add a potent remedy to those otherwise available to the Commission.” In testimony to the Committee, Eileen Harrington, Deputy Director of the FTC’s Bureau of Consumer Protection, said that when other enforcement options – seeking consumer redress or making the operators give up their ill-gotten gains – are not appropriate or sufficient remedies to deter spyware distributors, “a civil penalty may be the most appropriate remedy and serve as a strong deterrent.” The testimony states that the agency supports legislation that would provide “the Commission this valuable law enforcement tool.”

The testimony notes that while it is often challenging to locate and apprehend perpetrators who plant spyware on consumers’ computers, the FTC has “successfully challenged the distribution of spyware that causes injury to consumers online,” initiating 11 spyware-related law enforcement actions since 2004.

The testimony states that the Commission’s law enforcement cases targeting spyware reaffirm three key principles.

“The first is that a consumer’s computer belongs to him or her, not to the software distributor, and it must be the consumer’s choice whether or not to install software. This principle reflects the basic common-sense notion that Internet businesses are not free to help themselves to the resources of a consumer’s computer,” the testimony says. Several FTC cases alleged that the defendants downloaded spyware onto computers without consumers’ knowledge or consent.

The second principle holds that spyware downloaders cannot bury disclosures of material information needed to correct otherwise misleading impressions. “Specifically, burying material
information in an End User license Agreement will not shield a spyware purveyor . . .” the testimony states. It notes that in two FTC cases, “the defendants failed to disclose adequately that the free software they were offering was bundled with harmful software programs.”

The third principle is that if a distributor puts a program on a computer, a consumer should be able to uninstall or disable it. The testimony notes that in two FTC cases, the companies downloaded adware that displayed frequent pop-up ads. The agency alleged that “the companies deliberately made these adware programs difficult for consumers to identify, locate, and remove from their computers, thus thwarting consumer efforts to end the intrusive pop-ups.” Settlements required the companies to provide a readily identifiable means to uninstall the adware.

The testimony notes that the agency has coordinated some law enforcement initiatives targeting spyware with criminal enforcers. “Many of the worst abuses connected with spyware are criminal, and, in appropriate cases, the Commission coordinates closely with the Department of Justice.”

In addition to the FTC’s spyware law enforcement initiatives, the agency has made consumer education a priority. “In 2005, the Commission and a partnership of other federal agencies and the technology industry launched a multimedia, interactive consumer education initiative, OnGuard Online, along with a Spanish-language version, AlertaenLinea.” The site attracts more than 350,000 unique visits a month, and many other organizations have adapted the materials for their own use.

“The FTC will continue its aggressive law enforcement and innovative consumer education programs in the spyware arena,” the testimony states.

The Commission vote to approve the testimony was 4-0.

The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC’s online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 1,500 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC’s Web site provides free information on a variety of consumer topics.

MEDIA CONTACT:
Claudia Bourne Farrell,
Office of Public Affairs
202-326-2181

(6-11 spyware)

Malware Overview

This backdoor may be dropped by other malware. It may be downloaded from remote site(s) by other malware. It may be downloaded unknowingly by a user when visiting malicious Web site(s).

It drops copy(ies) of itself.

Upon execution, it displays a fake message box to trick users into thinking that the malware did not execute.

It creates registry entry(ies) to enable its automatic execution at every system startup.

It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user executes certain commands on the affected system. This routine effectively compromises the affected system.

Details : BKDR_IRCBOT.BGY Details
Removal : BKDR_IRCBOT.BGY Removal

Alert Issued on Jun. 7, 2008 1:57:54 PM GMT -0800 by Trend Micro

Although the term spyware suggests that the hidden software secretly monitors the computer owner’s use of their PC, the functions of spyware can and will extend well beyond simple monitoring. Spyware programs can collect a wide array of personal information, such as the computer owner’s internet surfing habits, sites that they have visited and potentially reveal browser saved passwords. Spyware can also interfere with control of the infected computer in other ways, such as installing additional software, redirecting a web-browser to other websites the owner would not normally visit and accessing dangerous websites that will cause more harmful viruses or trojans to be installed without the PC owner’s knowledge. Spyware can also be manipulated to divert advertising revenue to a third party.

In some cases, spyware can also change computer settings, resulting in slow connection speeds, set different home pages, cause a loss of internet access and possibly disable other programs (including anti-virus and spyware removal software). In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.

Our goal is to keep internet PC users up to date on the best Anti-Virus and other threat detection software to promote a safer online experience for everyone.