.HK Spammers Love You and Me

There is so much malware spam coming from the .hk namespace that it bears noting.  It seems that there is a spate of malware-laced fake ecard mails that are likely related to the PeaComm botnet.


The emails say they are from a relative, friend, admirer, or my favorite, a “worshipper,” and the URL is typically a .hk domain followed by a unique string. I have not bothered to click on them to see what they try to do. But according to Arbor Networks, it's rather nasty.

The exploit website tries to throw every exploit at you, including the kitchen sink. There are animated cursor attacks, QuickTime overflows, WinZip overflows, WebFolderView attacks, and even a link to download an executable to infect yourself manually if the JavaScript fails to do it for you.

The purpose of this aggressive email spam campaign is to take on rival spammer botnets. From Arbor Networks here:

So, at this point, Peacomm and its gang are upping the ante. They’re improving their methods to infect your computer, they’re gaining ground, and they’re not slowing down. This has been going on for a couple of weeks at this point. Also, there are rumors that Peacomm is launching (at present) a DDoS attack against rival spam gangs, so your infected computer may also be a DDoS bot. Peacomm infected boxes have participated in DDoS events before against rivals and anti-spam efforts.

And just today I noticed that the Peacomm spam emails have morphed once again.  Now they are spoofed from BlueMountain, a known ecard site.  This may help fool those that haven’t fallen for the spam yet.  If they start showing up looking like evite invitations, even I will get netted into this one.
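The two lure patterns described above (an ecard "from a relative/friend/admirer/worshipper" whose link lands on a .hk host, and the newer variant that spoofs BlueMountain in the From header while still linking to a .hk host) can be turned into a simple mail-filter check. The following is an added example, not code from the post or from Arbor Networks; the sample messages are constructed, and the lure-word list and the brand list are assumptions you would tune to what you actually see.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: words this campaign used in the sender name or subject line.
LURE_WORDS = ("ecard", "e-card", "greeting card", "relative", "friend",
              "admirer", "worshipper", "worshiper")
# Assumption: ecard brands the spam spoofs; the post names BlueMountain.
ECARD_BRANDS = ("bluemountain",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_hosts(text):
    """Hostnames of every http(s) URL found in the text, lower-cased."""
    return [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]


def assess(raw_message):
    """Return the list of lure indicators found in an RFC 822 message (empty = nothing seen)."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    subject = msg.get("Subject", "")
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
    hosts = link_hosts(body)
    reasons = []

    # 1. The campaign's links all sit under the .hk namespace.
    if any(h.endswith(".hk") for h in hosts):
        reasons.append("hk-link")

    # 2. The sender name / subject uses the "from a worshipper" style lure.
    sender_text = (display + " " + subject).lower()
    if any(w in sender_text for w in LURE_WORDS):
        reasons.append("ecard-lure")

    # 3. The From header claims a known ecard brand but no link goes to that brand.
    claimed = [b for b in ECARD_BRANDS if b in (display + " " + addr).lower()]
    if claimed and not any(b in h for b in claimed for h in hosts):
        reasons.append("brand-mismatch")

    return reasons


def is_suspicious(raw_message):
    """Flag when the link goes to .hk AND the message carries an ecard lure or a spoofed brand."""
    r = assess(raw_message)
    return "hk-link" in r and ("ecard-lure" in r or "brand-mismatch" in r)


# Constructed sample messages (not real spam samples).
SAMPLE_WORSHIPPER = """From: A Worshipper <someone@example.net>
Subject: You have received an ecard from a worshipper!

Your card is waiting at http://ecard.example.hk/?id=a1b2c3d4
"""

SAMPLE_BLUEMOUNTAIN = """From: BlueMountain eCards <cards@bluemountain.example>
Subject: Someone sent you a card

View it here: http://cards.example.hk/view/9f8e7d6c
"""

SAMPLE_CLEAN = """From: IT Notices <notices@example.com>
Subject: Weekly maintenance window

Details: https://intranet.example.com/notice/42
"""

if __name__ == "__main__":
    for name, m in (("worshipper", SAMPLE_WORSHIPPER),
                    ("bluemountain", SAMPLE_BLUEMOUNTAIN),
                    ("clean", SAMPLE_CLEAN)):
        print(name, is_suspicious(m), assess(m))
```

The third check is the one that catches the BlueMountain variant: the header can say anything, but the link the victim must click still has to reach the attacker's .hk host, so the gap between the claimed brand and the actual link destination is the durable signal.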

So update your computers if you haven't done so already. Upgrade your helper applications too: WinZip, Acrobat Reader, QuickTime, Java, Media Player, and your chat applications. Also, one tip you don't hear about much: uninstall your old versions of Java. When Java upgrades, it leaves the old version intact and running. Some spyware and malware knows to call the old vulnerable versions to infect you, and it will work, so remove it.
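A quick way to act on the "old Java versions" tip is to inventory what the Add/Remove Programs list says is installed and keep only the newest runtime. This is an added example, not code from the post; the product names it parses ("J2SE Runtime Environment 5.0 Update 10", "Java(TM) 6 Update 7") are assumed to follow the naming Sun's installers used at the time, and the sample list is constructed. The registry reader only works on Windows; the analysis itself runs anywhere.

```python
import re

# Assumption: DisplayName shapes used by Sun's Java installers of that era.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java\(TM\)(?: SE)?(?: Runtime Environment)?)"
    r"\s+(\d+)(?:\.(\d+))?(?:\s+Update\s+(\d+))?",
    re.IGNORECASE,
)


def parse_java_entry(display_name):
    """Map an uninstall DisplayName to (major, update), or None if it is not a Java runtime."""
    m = JAVA_RE.match(display_name)
    if not m:
        return None
    major = int(m.group(1))
    minor = int(m.group(2) or 0)
    update = int(m.group(3) or 0)
    if major == 1 and minor:          # "1.6"-style naming means Java 6
        major = minor
    return (major, update)


def stale_java(display_names):
    """Return (keep, remove): the newest Java runtime in the list and every older one."""
    found = [(v, name) for name in display_names
             if (v := parse_java_entry(name)) is not None]
    if not found:
        return None, []
    keep = max(found)[1]              # tuple order: major first, then update number
    remove = [name for v, name in found if name != keep]
    return keep, remove


def installed_programs_windows():
    """DisplayName of every entry under the Uninstall keys (Windows only)."""
    import winreg  # standard library, present only on Windows builds of Python
    paths = (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
             r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall")
    names = []
    for path in paths:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path)
        except OSError:
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                try:
                    with winreg.OpenKey(key, winreg.EnumKey(key, i)) as sub:
                        names.append(winreg.QueryValueEx(sub, "DisplayName")[0])
                except OSError:
                    pass                # entry without a DisplayName
    return names


# Constructed sample of what the Uninstall list might contain.
SAMPLE_INSTALLED = [
    "Mozilla Firefox (2.0.0.6)",
    "J2SE Runtime Environment 5.0 Update 10",
    "Java(TM) 6 Update 2",
    "QuickTime",
    "Java(TM) 6 Update 7",
]

if __name__ == "__main__":
    try:
        programs = installed_programs_windows()
    except ImportError:
        programs = SAMPLE_INSTALLED
    keep, remove = stale_java(programs)
    print("keep:", keep)
    for name in remove:
        print("remove:", name)
```

The removal itself is still done through Add/Remove Programs; the script only tells you which entries are the stale ones the post is warning about.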

Dr. Jones

Do not talk about fight club. Oops.

3 thoughts on “.HK Spammers Love You and Me”

  • For Windows users struggling with the ability to keep multiple applications patched and up to date, wiping out a system and going with Linux would be the toughest and most difficult thing you could do. It's like swatting flies with hand grenades.

    Linux is far from secure and only veteran computer operators can keep it secure out of the box and patched when new threats come out. Regarding this article and botnets, most Windows hosts are bots. Linux servers tend to be the bot herders and are a valuable prize to hackers.

    And while using Linux is certainly an option, using a Cray is another, or an Xbox, or an iPhone.

  • Depends on which Linux distro. I went from Windows to Xubuntu with no problem. Then again I’m not your typical AOL user either. 🙂
