Trojan downloader behind .co.cc URL.

Researchers at Vircom have discovered a junk fax with an 'unsubscribe' URL which contained a trojan^[1] downloader^[2].

Junk faxes (also known as 'fax spam'), have been common since the late 1980s. Apart from being a nuisance, they are a waste of paper and ink. Many users would thus be happy to find a way to stop receiving them - and the URL printed at the bottom of this fax promised exactly that.

Upon further investigation, however, it was found that the URL did not unsubscribe the user from the senders' lists; rather, it attempts to infect them with a trojan downloader.

Given that the URL lives on a subdomain of .co.cc, which offers free subdomain redirection and has a long history^[3] of hosting malware and spamvertisements^[4], experts will not find this surprising. However, to most recipients, the URL will have appeared legitimate and harmless.

More at Vircom's Email Security Matters blog here^[5].

24 September 2012

Tags: .co.cc^[6], fax^[7], spam^[8], trojan^[9].   

Leave a comment^[13]

References

1. ^{^} Trojan: Malicious program masquerading as something innocuous or useful (www.virusbtn.com)
2. ^{^} Downloader: Trojan that downloads other files (www.virusbtn.com)
3. ^{^} long history (www.virusbtn.com)
4. ^{^} Spamvertising: Advertising a product via spam (www.virusbtn.com)
5. ^{^} here (www.emailsecuritymatters.com)
6. ^{^} .co.cc (www.virusbtn.com)
7. ^{^} fax (www.virusbtn.com)
8. ^{^} spam (www.virusbtn.com)
9. ^{^} trojan (www.virusbtn.com)
10. ^{^} Tweet (twitter.com)
11. ^{^} del.icio.us (del.icio.us)
12. ^{^} Digg this story (www.virusbtn.com)
13. ^{^} Leave a comment (www.virusbtn.com)