Information Security Researchers Discover New E-mail Virus

Dec. 14, 2010 - PRLog -- E-mail fraud is the most common form of threats faced by Internet users. While people are accustomed to the common threats such as lottery scam, dead person’s will scam and employment scams, attackers continuously evolve new techniques to deceive Internet users. For instance, attackers are now using cleverly crafted e-mails, which appear to come from colleague or supervisors to lure users into deceiving confidential information.

Recently, information security researchers have discovered a new e-mail virus. In this case, the modus operandi adopted by the attackers is to lure Internet users to open a malicious e-mail attachment.  The e-mail purportedly comes from postal services such as United Parcel Service (UPS), Federal Express, DHL and U.S. Postal service.

The email claims that they had problem delivering an important parcel to the recipient’s address and urges to open an attached file containing an invoice. Alternatively, the email may contain a link for downloading a shipping label.  When unsuspecting users click on the link or download the attached file the virus spreads to their computers. Information Securityresearchers have identified another version, wherein the attackers lure users to click on a link, to purchase a program that removes all computer viruses. When a user clicks on the link, a pop-up window with the message: “Your computer is infected, click here to clean” appears on the screen. Those intending to purchase the program are asked to enter their credit card information. When unwary users enter the detail and clicks on the given button, the credit card information is compromised, but they don’t receive any anti-virus program.

Some of the major e-mail frauds initiated by hackers include phishing, spear phishing, advance fee fraud, lottery scam, investment scam, work from home scam and vishing. These attacks pose a serious threat to information security.

Internet users must adhere to preventive measures issued by organizations such as vendors of security products, regulatory authorities and banking and financial companies to avoid falling into the trap of sophisticated hacking attacks.

# # #

iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI). The iClass program was designed with the IT Security Professional's busy schedule in mind; Choose from course on iPads, iPods, Netbooks or simply train via streaming video! http://iclass.eccouncil.org/