Although we’ve not seen too many actual attacks from this, it’s been widely reported in the media, perhaps as it’s quite a novelty these days to see a worm spreading in this way.

It spreads itself as an executable in email, but disguises itself as a PDF file, when executed it attempts to download some other malicious files on the victim machine, and drops some files in an attempt to let the worm spread via autorun.

K7 Total Security detects this worm as  ”Emailworm (0019e4ae1)” (yeah, it’s that uninteresting!)

Full information is here:

http://viruslab.k7computing.com/index.php?option=com_k7virus&view=showvirus&Itemid=1&id=818

If you’re interested in more, Dan Goodin has written a short piece about the worm on The Register http://www.theregister.co.uk/2010/09/10/email_worm_spreading/

Andrew Lee
CTO K7 Computing

David Kernell, who is accused of hacking into the former Alaskan governor’s email account during the Republican presidential campaign of 2008 and will go on trial in April next year, is expected to claim that a malicious programme that had infected his laptop computer was responsible for the breach.

Lawyers of the 21-year-old student, who is the son of a Tennessee Democrat politician, will argue that he was not personally responsible for the attack on Mrs Palin’s personal email account, even though authorities traced the hack to an IP address used by Kernell.

Screenshots of the emails, including message content, were posted to Wikileaks and to the imageboard 4chan during the presidential campaign which Republican candidate John McCain, supported by Palin, lost to Barack Obama.

It was believed that hackers were able to break into the account by guessing Palin’s Yahoo password, a word that was thought to be easily associated with the 45-year-old based on information that was released into the public domain both before and during the election campaign.

This case would not be the first time that a successful defence citing a Trojan or other form of malware has been used. In perhaps the most high-profile case, jurors in UK acquitted 19-year-old Aaron Caffrey of hacking into and crashing computer systems at the port of Houston in Texas, believing his defence that hackers had broken into his computer and used it to launch the attack.

The defence has also been used in numerous cases surrounding the downloading and storing of obscene and unlawful materials, with computer forensics often demonstrating that the material was found on a PC due to malicious software that had infected the user’s PC rather than any deliberate user activity.

The most common single password in the sample of 10,000 Live ID login credentials (the system used to login to services such as Hotmail) posted on a development website was “123456″, with others such as “password” and “123456789″ also common.

Of the 10,000 breached account details that were posted on PasteBin.com, “123456″ was found to be the password in 64 examples, according to Neil O’Neil from digital payments firm The Logic Group. Whilst the represents just 0.64% of the overall sample, the findings represent a worrying lack of password best practice. There were 18 uses of the second most popular password, “123456789″, in the list.

Further analysis also highlighted common themes in password structure, with names and birthdays used frequently. Other examples include “ibelongtogod” and “666666″.

As many as 42% of the passwords used only lowercase letters, 19% were purely numeric and only 6% mixed up alpha-numeric and other characters, according to a separate analysis of the data by web application security firm Acunetix.

O’Neil suggested that the breach highlighted severe flaws in online password security and recommended users to think more carefully about how they protect their accounts.

“It used to be that the best security advice was to never write down your password,” he said. “Today’s advice however is to choose complex passwords, write them down and then put them in your wallet.

“You know when your wallet is lost or stolen and therefore that you need to change your passwords. Three initials from your name and postcode will do the trick and will take a hacker weeks to crack. Using an old postcode adds another layer of protection.”

The list of details has since been removed from PasteBin although some experts claim that the data is still accessible to those, such as hackers, who will be determined to access it.

The software giant announced the decision to pull a feature from its web-based email service last week amid security concerns created due to an incompatibility with Internet Explorer, although experts believed that the feature was actually disabled back in late June.

The feature allowed users to insert an image file within the actual body of the email message, as opposed to attaching the image separately. Users will still however be able to attach images and other files as attachments whilst Microsoft works on a fix, likely to be included in the next Internet Explorer patch.

Hotmail, which has around 270million users worldwide, claimed that the feature is likely to be reinstated in September.

Some of you may have noticed that lately, you can no longer add photos directly into the body of a Windows Live Hotmail message the way you used to do,” a Hotmail statement read. “The Windows Live team is constantly reviewing Hotmail to ensure quality service to our customers.

“During a recent review, we identified an incompatibility with Internet Explorer that caused a security flaw with photo uploads, and we made the decision to temporarily remove the feature.

“The Hotmail team takes security very seriously and we expect to bring back the photo upload feature by the end of September. In the meantime, you can still add pictures as attachments to your Hotmail messages, by clicking Attach, and then selecting the picture you want to include.”

You’ve probably also thought to yourself on more than one occasion “who actually buys this stuff?” Of course, there must be somebody who responds to these messages, that’s why you’re getting them right?

Well yes. Last week a survey revealed that as many as one in three people have responded to a spam email message at some stage, with 12% of those who did respond doing so knowing that the message was an unsolicited ‘spam’ advertisement.

Spam is huge business, even if the response rate is pitifully low and with spam filters than come packaged with many antivirus software packages filtering out significant amounts of malicious emails, many spammers are generating revenues well into seven figures.

In November 2008, researchers from the University of California in San Diego found that even with a response rate of 0.00001%, spammers could generate sales in excess of $1million. As part of their own research, the university used a now defunct spam network to send 350m spam emails, generating only 28 “sales” and $2,731.88. The researchers concluded that running a larger scale campaign could have generated annual sales of as much as $3.5m.

Those figures also don’t take into account other forms of spam – most notably phishing scams designed to steal a victim’s personal identity which can prove even more lucrative and can generate even higher responses.

Email spam is either outlawed or severely restricted throughout the European Union and at least 19 other nations, with the biggest offenders in the US receiving multi-million dollar fines and even prison sentences, so why has nobody been able to stop it?

Well, the complexities of international law don’t help. There’s little to stop the most determined spammers moving to territories where email communications are either poorly restricted or where regulations are poorly enforced.

Other factors are down to the simplicity in which spam email campaigns can be launched. Most spam is distributed from networks of hacker-controlled computers known as “botnets”. These networks are often made up of PCs that have previously been affected by a virus or worm and are used to automatically relay spam messages, allowing the spammer to increase the reach of their advertisement with very minimal effort.

Unfortunately, spam is unlikely to ever go away completely. All that the average user can do is wise themselves up to the tricks that spammers use, install antivirus software that includes a spam filter and watch out for any emails that look untrustworthy.

Whilst the majority of users claimed to have responded to junk email advertisements by accident or through curiosity, a surprising 12% of the 800 “ordinary computer users” surveyed admitted to responding to an email because they were genuinely interested in the product or service being advertised.

The survey by the Messaging Anti-Abuse Working Group (MAAWG), also found that four in five consumers did not believe it was likely that their PC’s could become infected with malware as a result of responding to spam emails, despite growing exposure over the problem.

Half of those surveyed claimed that they have never clicked on suspected spam although around one in five (21 per cent) admitted that they did not have any email filtering software or services.

The problems of malware distribution through spam has seen increased exposure in recent months, with spammers seeking to use social media platforms as opposed to email in an attempt to avoid anti-spam filters found in many antivirus software packages.

David Ferris, an analyst at Ferris Research, commented: “According to the MAAWG findings, about one in six people are prepared to make an effort to report spam and the industry should find more ways to tap into this potential. Conversely, the volume of people who still respond to spam is regrettable, because it’s an economic incentive to spammers.”

Spam emails attempting to sell drug Tamiflu, a treatment for the swine influenza, have increased dramatically in recent months, according to the Royal Pharmaceutical Society, as a result of the recent H1N1 pandemic which originated in Mexico, South America.

According to the World Health Organisation, there have been more than 77,000 confirmed cases of swine flu, including 332 deaths to date and experts have raised concerns over the number of people now attempting to purchase the drug online.

“The whole field of counterfeit drugs is becoming a much bigger problem, not just with Tamiflu,” Sir Liam Donaldson, the British government’s chief medical officer, told the BBC.

“So my advice is don’t buy it, you don’t need to. We have got the biggest stockpile in the world and even worse than that you might end up with something that is poisonous and dangerous.”

The RPS has also warned that users could be tempted to purchase drugs online in response to spam emails purporting to sell legitimate versions of the Tamiflu drug.

A spokesman, David Pruce, said: “We now think that Tamiflu is the most spammed medicine on the internet. It’s taken over from Viagra. Most of that Tamiflu could well be fake. If it’s fake it could range from simple sugar to rat poison.”

Spammers are also likely to use alternative spellings of the drug in an attempt to bypass email spam filters within various forms of antivirus software packages, using alternative names or deliberately altering the spelling.

Experts are advising computer users to update any antivirus software and email spam filters that they may have and to ensure that they do not purchase any swine-flu related drugs online.

The OFT, who compiled the report using research from the University of Exeter, claims that those who have a “better than average background knowledge” of investing, lotteries and finance are actually more likely to become the victim of a scam than less knowledgeable users.

The research concluded that those with knowledge of financial products demonstrated a degree of overconfidence in particular subject areas, making them more likely to respond to a scam email.

Those with background knowledge also had a tendency to “read up” on potential scam emails whereas those with “below average” knowledge simply ignored any apparently malicious approaches or used antivirus software to automatically delete so-called ‘phishing‘ emails.

The research, entitled “The psychology of scams: provoking and committing errors of judgement”, also that the typical scam victim was not necessarily a poor decision maker and that many came from successful business backgrounds.

Unsurprisingly, victims often hid their involvement from friends and family.

The most common forms of scam that internet users were faced with included the so-called “Nigerian 419” advance-fee fraud scam, fake foreign lotteries, holiday club and high-risk financial investments.

The OFT published the findings as part of a high-profile campaign against scams, believing that as many as 3.2 million people are being defrauded of about £3.5bn a year.

Following the outbreak of swine flu in Mexico and numerous subsequent cases worldwide, a number of websites and email campaigns have emerged which purport to provide cures and treatment for the virus.

Those sites, it is claimed, are providing bogus treatments whilst computer security experts believe that many others may be being used as a means of distributing malicious software.

AFP reported than an alert posted late Thursday at the US Food and Drug Administration warned that scammers have launched websites promoting bogus products “that claim to prevent, treat, or cure” the H1N1 flu virus.

The FDA said it is “informing offending websites that they must take prompt action to correct and/or remove promotions of these fraudulent products or face immediate enforcement action.”

Users are being urged to look out for emails with terms such as “Swine Flu Outbreak!” and “Madonna Catches Swine Flu!” in their subject line – terms which have been heavily featured in the global media.

Japan’s National Institute of Infectious Diseases issued a warning on Thursday that a suspicious Japanese-language email message with an attached file called “information on swine flu” had been circulating in cyberspace.

Unsolicited emails advertising drugs, sales messages or various forms of malware make up an overwhelming majority of email messages as hackers take a different approach to online crime.

Instead of looking to exploit holes within operating systems, a practice which is becoming increasingly preventable through advancements in security software, hackers now preferring to hide malicious software, including adware or spyware, in common file format attachments such as Microsoft Office or PDF files.

The belief is that as antivirus software becomes more sophisticated, hackers are increasingly considering the “weak link” in PC security to be the human elements.

Ed Gibson, chief cyber security advisor at Microsoft, said the rise in spam was due to traditional organised crime figures moving away from exploiting software vulnerabilities and “targeting the weak link that is you and me”.

“With higher capacity broadband and better OS (operating systems), and higher power computers it is easier now to send out billions of spams. Three or four years ago the capacity wasn’t there.”

The report, which studied online activity during the second half of 2008, also pinpoints the countries that are suffering from the most infections of computer viruses, with Brazil and Russia dubbed as the most “infected” countries. Computers in Turkey and Serbia and Montenegro were also considered to most at risk.

The company also revealed that the type of virus or malware that users were likely to be affected by depended heavily on the country or region that they were in.

In China, several malicious web browser modifiers are common, while in Brazil, malware that targets users of online banks is more widespread. Computers in Korea were more likely to be hit with viruses such as Win32/Virut and Win32/Parite.

“As the malware ecosystem becomes more reliant on social engineering, threats worldwide have become more dependent on language and cultural factors,” said the report.