The FIFA World Cup 2010 has come and gone; however, spammers and malware writers are still exploiting this global event, as happened previously with the Icelandic volcano eruption.
One particular targeted attack related to the World Cup was socially engineered: the emails claimed to originate from a famous sportswear manufacturer, and the potential victims were executives and managers of other established companies. What makes this attack more sophisticated is that the email message included both a malicious PDF attachment and a hyperlink to a website hosting malware.
The hosted malware was discovered to be a version of SpyEye, a new sophisticated bot on the market. Capabilities of SpyEye include harvesting bank accounts, credit card information and FTP accounts. Combining two different modes of attack greatly increases the chance of successfully infecting the victim.
A typical email filtering system would strip the infected PDF attachment and allow the now ‘clean’ version of the email, still containing the URL, to be delivered to the recipient. At this point, there is real danger to the whole organization: if the malicious link is still visited, the hosted malware can very easily infect the recipient and propagate, stealing sensitive data in the process.
The upcoming GFI MailSecurity 2010 is scheduled for its first public beta release in the coming weeks. One of the new features to debut in this release is ‘LinkScanner’. The job of the LinkScanner is to scan email messages for links (URLs) and perform an action on those emails which link to malware. The LinkScanner is also capable of crawling the linked-to website, using the link included in the email as an entry point. This is a novel feature for an email filtering system and should defend organizations from attacks similar to the one discussed above. This feature began as an idea submitted to the GFI Idea Factory (feel free to participate in the GFI Idea Factory and Beta programmes). The idea quickly gained votes and was included in this release.
With the introduction of ‘LinkScanner’, even elaborate scams such as this one can be fought, in an effort to keep viruses from infecting computers and networks.
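The gap described above, where attachment stripping still delivers the link, and a link check that closes it, as an added example; this is not GFI's code and does not reflect how LinkScanner is implemented. The message, the host names and the static `BLOCKED_HOSTS` list (standing in for the scanner's malware verdict) are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Assumption: a static blocklist stands in for the scanner's malware verdict.
BLOCKED_HOSTS = {"malware-host.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def build_sample():
    """Constructed message: a text body with a link plus a PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "promo@sportswear.example"
    msg["To"] = "manager@corp.example"
    msg["Subject"] = "World Cup 2010 offer"
    msg.set_content("Details: http://malware-host.example/wc2010/offer\n")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                       subtype="pdf", filename="offer.pdf")
    return msg

def strip_pdf_attachments(msg):
    """Attachment-only filtering: drop PDF parts, deliver whatever remains."""
    clean = message_from_bytes(msg.as_bytes(), policy=policy.default)
    if clean.is_multipart():
        clean.set_payload([p for p in clean.get_payload()
                           if p.get_content_type() != "application/pdf"])
    return clean

def extract_urls(msg):
    """Collect URLs from every text part (plain or HTML) of the message."""
    urls = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            urls += [u.rstrip(".,;)") for u in URL_RE.findall(part.get_content())]
    return urls

def link_verdict(msg):
    """Quarantine when any link points at a blocked host, else deliver."""
    for url in extract_urls(msg):
        if urlsplit(url).hostname in BLOCKED_HOSTS:
            return "quarantine"
    return "deliver"

if __name__ == "__main__":
    stripped = strip_pdf_attachments(build_sample())
    print(extract_urls(stripped), link_verdict(stripped))
```

The stripped message carries no PDF but still contains the link, so only the link check stops it from being delivered.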