The smoke from the LINKOPTIM attack against the Italian computing population last month has not completely cleared, but already a new worm that uses email messages in Italian is making the rounds. Last weekend, the Incident Response Team at Trend Micro recorded that as many as 82% of all email messages received by their email honeypot were generated by this worm.
WORM_SPIAG.A sends copies of itself as an attachment to email messages that promise photos of the recipient on a beach.
“In spiaggia,” the subject reads. “In the beach.”
The email message says:
- Bacini! Ti mando le foto che mi hai fatto questa estate. Una =E8 meglio che la cancelli :)
A free online translator produced this (surely) loose translation:
- River basins! I’m sending you the photos that you have made this summer with me. A =E8 better than it cancels it
The attachment file name sustains this picture-on-the-beach scam: SPIAGGIAFOTO.ZIP. When a recipient opens this attachment, the worm executes on the system, and the system becomes a launch pad for further propagation.
“What’s up with this old-fashioned worm?” one might ask. It does not even try to cover its malicious acts by, say, dropping and opening an image file to further trick the user, the way some malware does. Instead, it proceeds with its payload right away. It dials premium numbers, possibly long-distance numbers or pay-per-view sites. Also, as the Incident Response Team documents, this worm accesses a legit social networking Web site for adults, and this raises questions as to the true goal of WORM_SPIAG.A.
It’s a worm that carries a dialer payload. Wait, that’s not quite right. Along with the major change in the malware threat landscape (from outbreaks to targeted attacks) comes an inevitable shift in perspectives. WORM_SPIAG.A is a dialer with propagation capabilities. Now that’s more like it.
In any case, the affected user ends up being charged for calls or connections that he or she never intentionally made.
Well, let’s just say that’s the price of being a stubbornly unwise computer user at a time when complex, coordinated, targeted attacks are rampant, a time when user awareness and carefulness are more critical than ever.