Breaking Down Blog Spam Malware
Sunday August 24, 2008
Jesper Johansson, co-author of Windows Vista Security: Securing Vista Against Malicious Attacks, recently wrote an article in The Register which dissects a new type of threat. Anyone with a blog has probably seen blog spam: comments on blog posts which have little or nothing to do with the actual post, but contain links to spam-related web sites. I have spam filters in place, so I rarely even see the blog spam posts. They are an annoyance, and I simply delete them in periodic batches. However, Jesper did stop to look at the spam and noticed that a new breed was becoming prevalent. The new breed, rather than just leading to some annoying spam site, is actually a malware attack. For a complete breakdown of the threat, and Jesper's dissection and analysis, check out Anatomy of a Malware Scam. One defense against being victimized by malware attacks like this one is to never close pop-up windows. Take a look at Don't Close That Pop-Up Window! to learn more.

Comments
I was first surprised and then astonished to see that Mr. Johansson mentioned the “flawless” English in the various bogus alerts displayed by the malware on the potential victim’s monitor. Virtually every one of them had either a grammatical, usage, or spelling mistake.
“Get you [sic] system protected…”
“…secretly sending your private data to untrusted internet host” (absence of “an” before “untrusted”)
“…reports that ‘XP antivirus’ is inable” (“inable”? that’s a new word for my vocabulary)
“Windows detect [sic] unregistered version…”
Those are only a few of the errors that stood out like red warning flags for me. I certainly would never characterize this malware as professional-looking — apart from the chrome.