Posted by Virus Bulletin on Feb 24, 2012
Trojan downloader behind .co.cc URL.
Researchers at Vircom have discovered a junk fax with an 'unsubscribe' URL which contained a trojan downloader.
Junk faxes (also known as 'fax spam'), have been common since the late 1980s. Apart from being a nuisance, they are a waste of paper and ink. Many users would thus be happy to find a way to stop receiving them - and the URL printed at the bottom of this fax promised exactly that.
Upon further investigation, however, it was found that the URL did not unsubscribe the user from the senders' lists; rather, it attempts to infect them with a trojan downloader.
Given that the URL lives on a subdomain of .co.cc, which offers free subdomain redirection and has a long history of hosting malware and spamvertisements, experts will not find this surprising. However, to most recipients, the URL will have appeared legitimate and harmless.
More at Vircom's Email Security Matters blog here.
Posted on 24 February 2012 by Virus Bulletin
