Spammers change tactics to beat security

Spammers are again promising nude pics of Angelina Jolie

Spammers are getting wise to the publicity and attention generated by their creations, security experts warned this week.

Security firm BitDefender said that a malicious message which promised nude pics of Angelina Jolie has again been repacked and updated to beat spam filters and antivirus software.

The malware uses news fragments naming celebrities, including Jolie, Britney Spears and Barack Obama, and directs unsuspecting users to a webpage that allegedly contains a video clip.

However, on visiting the compromised page the victims are shown an image impersonating a video player which links to a binary executable file.

In order to be able to watch the clip, users are advised to download an 'update' for Adobe's popular Flash player, which turns out to be infected with the Tibs.GZM Trojan.

The binary file starts downloading automatically, a practice known as 'drive-by download', installing other pieces of malware including the infamous Trojan.Peed.JPU used on a large scale in the Storm botnet.

The new spam campaign mostly targets computer users with limited knowledge of data security, as well as those who would deliberately ignore the common safety rules in order to gain access to sensational news.

"These email messages are part of a larger wave that attempts to infect the user with miscellaneous Trojans," said Bogdan Dumitru, chief technology officer at BitDefender.

"Initially designed as messages with a single structure, the number of variants quickly escalated to three: a category including a single-part, plain text body, another one with a HTML part, and a third category that uses the Opera Mail Client templates."

In order to increase the success rate of the attack, the spam uses a series of catchy keywords displayed inside the message body.

Despite the fact that each message uses different fake news flashes and headlines, all of them send the user to an URL that ends with either 'stream.html' or 'watchit.html'.