Categories: SecurityWorkspace

Malware Uses Geo-location To Lure Victims

The Waledac botnet is luring victims to a fake Reuters site with stories about terrorist attacks. In a twist, the rogue site uses the geo-location of the victim to customize the story to make it appear as though the attack is happening locally.

The e-mails, which have subject lines like “Why did it happen in your city?” claim that 18 people have been killed in an explosion and link to what appears to be a Reuters-related news site. Those who click on the link, however, end up on a malicious site that attempts to trick people into clicking on a video that appears to be breaking news about a terrorist attack.

In an interesting twist, the Web site does a GEO-IP lookup on the victim’s whereabouts and customizes the story to appear as though it relates to the victim’s location.

“We have seen spam—or, more accurately, the Web sites that spam leads you to—doing geo-location before, but I can’t at the moment think of previous occasions when it’s been used as part of the trap to infect you with malware,” said Graham Cluley, senior technology consultant at Sophos.

The worm harvests e-mail addresses from Windows PCs and spams itself on to other users, Cluley explained. In addition, it converts compromised computers into bots that can be used remotely by hackers. There are opportunities through this for identity theft, further spamming and other crimes such as distributed denial-of-service attacks as well, he added.

Waledac appeared on the malware scene late last year with a blended threat Christmas e-card campaign. The botnet is believed by many security researchers to be a reincarnation of the infamous Storm botnet that wreaked havoc in 2007 and played a major role in the Valentine’s Day spam attacks last month.

“[This is] further evidence, as if any were needed, that the botnet creators are still actively filling the void left behind by various events last year, such as the dismantling of the Storm botnet and the takedown of McColo,” blogged Trend Micro Solutions Architect Rik Ferguson.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

8 hours ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

9 hours ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

9 hours ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

10 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

10 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

11 hours ago