
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-04-02



Trojan postcards; Using authorized apps to do bad things; More IE and Outlook problems?

Published: 2005-04-02
Last Updated: 2005-04-03 09:19:46 UTC
by Greg Shipley (Version: 1)

Postcard Trojans


We're receiving more reports of email messages posing as "postcard pickup" notifications that wind up delivering a trojan payload. One example we were forwarded is an email message claiming "You have just received a virtual postcard from a family member!" which apparently sends you to a "pickup" site that gives you an mIRC-based trojan. While it's sad that we have to say this, the amount of cruft being delivered via email continues to encourage us to take a "default deny" posture; without knowing the true source of an email, one has to be cautious about accepting just about everything these days.

Use of authorized apps in client side attacks


One reader wrote in and made a good observation: some of these client-side hijackings (like the trojan mentioned above that hooks mIRC) slide past most AV engines and even desktop firewalls. The applications involved are considered "authorized" by most controls and therefore appear to be benign (when they really are not). We continue to see trojan delivery models that leverage existing applications, and this is something that we - as a community - are really going to need a long-term solution for. Some further reading on the topic, if anyone is interested:

"Take back the desktop," from the March 17th issue of Network Computing (175k PDF)

More Outlook and IE problems?


While this shouldn't come as a surprise to anyone, it looks like we might be in for some more IE and Outlook patching:

http://www.eeye.com/html/research/upcoming/20050316.html
http://www.eeye.com/html/research/upcoming/20050329.html