A
new variant from the Bagle worm family named ‘Bagle-DO’
or ‘Win32.Bagle.fr’ aims to spread by threatening victims via imposter
lawsuits!
Experts at MicroWorld Technologies
have found various legal subjects lines in the message. Some of them read "We
wait your response", "Pay your debts before we come to you", "Lawsuit
against you" and alike. The content of the mail talks about legal action
due to a varied set of financial and criminal offenses allegedly committed by
the recipient or his company.
Users are threatened with choicest
words to open an attachment named “lawsuit.exe”, documents.exe or explanation.exe.
Once you download and run the file it will install the worm into your computer.
From that point, the worm gets down to business very fast by stealing mailing
addresses to send mass mails and proliferating in networks via P2P methods.
The most interesting factor to notice here is the innovative psychological
ploy employed to get the user to open the mail and download the attachment. A
greeting card, sexual content or a fantastic utility were all tried and tested
over the years. Now they are trying negative tactics like shock and scare. Here
the recipient’s reaction will be either of fear or of anger. In both cases
the person’s natural judgment and logical thinking takes a back seat, and
the emotional impulse to see the what’s in the lawsuit takes over. That’s
when virus writer wins hand down!
“Multiple ways of Social
Engineering employed by virus writers are something we have been closely following
at MicroWorld. As the theory of mass psychology goes, peripheral cues and mental
shortcuts can be employed to trigger desired action from a targeted group. Same
is happening here, in newer and smarter ways.” analyzes Govind Rammurthy,
CEO, MicroWorld Technologies. The recent FBI phishing
mail employed a similar tactic to terrorize the victim to fall in line.
Another important aspect that emerges from this worm is the multi-tier
strategy in relaying the worm. Once the Bagle Worm steals the email addresses
from the victim’s computer it resorts to the older methods like salacious
content like Britney Spears sex photos.exe, Paris Hilton video.exe, Porno Screensaver.scr
and more, in the next level of proliferation.
“This time the
mail is coming from the mail id of your friend or a known person. Thus, there’s
a great chance of you opening the mail, as sending pornographic content is a hugely
popular activity around the world, among friends and colleagues.” explains
Govind Rammurthy.
MicroWorld has been continuously updating their
users about various modes of malware proliferation employed by virus writers,
as they believe this war is as much about psychology one as it is about technology.
MicroWorld
MicroWorld (www.mwti.net ) are the developers
of the world's first Real-Time Anti-Virus and Content Security software eScan
for desktops and servers. Its communication security software, MailScan
is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server. MicroWorld
Winsock Layer (MWL) is the revolutionary technology underlying these products,
powering them to several certifications and awards by some of the most prestigious
testing bodies, notable among them being Virus Bulletin, Checkmark, TUCOWS, Red
Hat Ready, and Novell Ready. Combining their powerful scanner with MWL technology,
MicroWorld solutions provide a Real-Time Proactive security for your systems.
For network security of enterprises, eConceal Firewall is the latest powerful
offering from MicroWorld.
To learn more, kindly visit http://www.mwti.net
