New Virus Appears As Response To Craigslist Ad

[Peaches]

New Virus Appears As Response To Craigslist Ad

Currently undetected virus appears as a response to craigslist ad with link to fake "Picasa" photo album, according to Red Condor

Aug 14, 2009 | 03:45 PM

Rohnert Park, Calif. " August 13, 2009 " Email security experts at Red Condor are warning email users about a new virus currently undetected by most virus scanners. The virus is embedded in an email that appears to be a response to a craigslist advertisement. The email containing the virus, which was detected August 12, 2009 by Red Condor's Zero Minute Defense Network, includes the subject line, "Re: Car For Sale on craigslist." The email content suggests that the user requested pictures for a car being sold on craigslist and invites the recipient to view the images in a Picasa album. Clicking on the link to the album installs a virus.

"Only 13 out of 41 virus scanners detected the file as a virus when Red Condor first identified it," stated Dr. Tom Steding, chief executive officer of Red Condor. "This means that if the message was delivered and a user clicked on the link, they'd likely be infected even if they had an anti-virus program running on their desktop computer. With increasingly more ways to get malicious content onto computers and corporate networks, it is important that companies' security solutions are capable of responding quickly and appropriately to eliminate potential threats. Traditional signature-based virus engines are simply not enough protection against today's spammers and cybercriminals. After all, it only takes one click."

The virus scam was detected by Red Condor's proprietary Spam Trip Wire technology. Red Condor scanned the virus payload through VirusTotal.com, and also Jotti, and the email virus was unrecognized by more than two-thirds of commercial virus scanners.

Spam Trip Wire identifies spam and virus campaigns before they penetrate users' networks. Suspicious campaigns are put on probation until a filter rule can be written to capture messages from the campaign. During the probationary period, messages from the suspicious campaign are quarantined. Red Condor charts the number of malicious campaigns identified by Spam Trip Wire through its online Threat Center at RedCondor.com.

full article at darkreading - http://www.darkreading.com/security/vulner...ies+and+threats