Spam, fake greeting cards and VML exploit

One subject currently occupies most security experts: the VML exploit, which is used to install loads of spyware, adware and viral parasites on vulnerable computers. As you already know, this exploit takes advantage of a vulnerability in Internet Explorer that is still unpatched. Workarounds and even third-party patches are available, but a surprising number of people haven't heard of them yet.

Hackers know perfectly well that there are still millions of Internet users who do not care much about security. However, even the bad guys have difficulty attracting victims to malicious web sites. Most people simply don't visit suspicious sites anymore. But most like to get greetings, invitations, useful software and other great free stuff. Maybe that's why attackers have begun using new, much more effective tactics.

According to WebSense Security Labs, attackers now combine spam e-mails, fake greeting cards and VML exploits. The victim receives an e-mail claiming that someone has sent him a Yahoo! Greetings greeting card. The message (bogus, of course) also contains a web link to the greeting card. Clicking on that link launches the web browser, which is usually a vulnerable Internet Explorer, and opens a web page with a greeting card. Although the page looks genuine, it is hosted on a server not related to Yahoo! and contains malicious code that runs the VML exploit.
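
The mismatch described above (a message that claims to come from Yahoo! Greetings but links to a server unrelated to Yahoo!) is something a mail filter can check. The following is an added example, not code from WebSense or from this article; the brand-to-domain table, the function names and the sample message are assumptions constructed for illustration, and only HTML links are inspected.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: brand keyword -> domains the brand really uses.
BRAND_DOMAINS = {"yahoo": ("yahoo.com",)}

# Constructed sample message (hosts are reserved example domains).
SAMPLE = """\
From: "Yahoo! Greetings" <cards@mailer.example.net>
Subject: You have received a greeting card
Content-Type: text/html; charset="utf-8"

<p>A friend has sent you a Yahoo! Greetings card.</p>
<p><a href="http://cards.example.net/yahoo/view?id=1">View your card</a></p>
<p><a href="http://greetings.yahoo.com.example.org/card">Mirror link</a></p>
<p><a href="http://www.yahoo.com/">Yahoo! home</a></p>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def host_belongs_to(host, domains):
    """True for the domain itself or a real subdomain, not for a host that merely contains it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_links(raw_message):
    """Return links whose host does not belong to the brand the message names."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    claimed = f'{msg["From"] or ""} {msg["Subject"] or ""} {text}'.lower()
    collector = LinkCollector()
    collector.feed(text)
    return [url for brand, domains in BRAND_DOMAINS.items() if brand in claimed
            for url in collector.links
            if not host_belongs_to(urlsplit(url).hostname, domains)]

if __name__ == "__main__":
    for url in suspicious_links(SAMPLE):
        print("link host does not match claimed sender:", url)
```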

It should be noted that the exploit starts installing malware immediately. After only a few seconds the first threats appear on the vulnerable system. After an hour or two there might be tens of dangerous parasites. By this time the computer may already be unusable and the user's sensitive information stolen.
