Gillian Shaw, CanWest News Service
Published: Thursday, August 30, 2007
Viewing this YouTube video could be dangerous to your computer's health.
That's a warning from the technology security specialists at Sophos, who are tracking the latest virus outbreak being delivered through malicious e-mails purporting to be links to YouTube videos, with such enticing subjects as: "Dude, what if your wife finds this?"
Security experts believe the current virus attack could precede a repeat of the massive pump-and-dump stock e-mail spam that occurred earlier this summer.
Pump-and-dump spam schemes use unsolicited e-mail to tout a company's stock, reaping profits for its instigators. After pumping the price with their hype, the stock sellers dump their shares and other investors are left with worthless stock.
The e-mails currently flooding inboxes pretend to be from friends warning the recipient they are on YouTube in some scandalous video. "I can't believe you put this video online. This video of you is all over the net. See for yourself," reads one warning in a bogus e-mail.
However, when the recipient clicks on the link expecting to see themselves online, it triggers a virus that takes over the computer, turning it into a so-called "zombie" that can be used to help spread more spam.
"What it is is a method of engaging the user into downloading a variant of the Storm virus," said Ron O'Brien, senior security analyst with Sophos.
O'Brien said the latest virus outbreak follows what would be considered by virus writers as a wildly successfully e-card campaign earlier this summer that saw computers infected when people clicked on a link purporting to be an electronic greeting card.
O'Brien said that method of delivery has faltered as awareness of it has spread. The latest technique is designed to replace it and build up more armies of infected, or zombie, computers.
"Think of the spam that sets up the infrastructure as being kind of the initial cycle," he said. "Then what they are able to do is they can rent out those (zombie) networks.
"We saw that infrastructure being put in place over the Fourth of July (weekend), followed by one of the largest pump-and-dump scams in history."
O'Brien said the current virus outbreak could be meant to repeat that performance.
"It does suggest very strongly that if the campaign is successful, those newly infected computers could be used to conduct an even larger spam campaign," he said.
O'Brien said the back-to-school season is a busy time for Internet fraudsters, who take advantage of the fact that many young people are starting to use their computers after a summer off, or are heading back to school with new computers. While updated anti-virus software can detect and block the latest viruses, O'Brien said many users don't have these protection programs on their computers.
"With kids going back to school, a lot are trading e-mail addresses for the first time," he said. "It is highly likely the intended audience for this campaign is young people.
"Like the back-to-school shopping phenomenon, there is a back-to-school 'malware' phenomenon as well."
OPTIONAL TRIM BEGINS
This week's virus is just the sort of attack B.C.-based Wizard IT Services is fighting with its latest anti-spam project, SpamRats.com. SpamRats identifies the source sending out spam and "blacklists" the sender, creating an automatic block that stops malicious and unsolicited e-mail before it gets on an e-mail server.
Michael Peddemors, president and chief executive of Wizard IT, a company that specializes in anti-spam technologies for Internet service providers and telecom companies, said SpamRats is more effective than filtering when it comes to stopping spam.
"As far as we're concerned, spam can be stopped. But it can't be stopped with filtering ... Spammers are always going to find a way around it," he said.
Peddemors said SpamRats, which blocks spam e-mail from even entering into the mail system of an ISP or company, saves money by lightening the load on bandwidth and computing resources.
"It is like somebody knocking on your door saying, 'We want to give you this letter.' We're saying, 'We're not taking it. Don't give it to me. Nobody is home to you.'
"It saves on bandwidth and on the number of servers that are needed."
gshaw@png.canwest.com
