The below article is from Vivien Yeo, 07 August 2009, on bank scams in Taiwan.
An e-mail scam making its rounds in Taiwan, attempts to trick users into downloading malware, Symantec has warned. Systems without up-to-date patching for Adobe products are vulnerable to the attack.
Appearing to be a credit card promotional e-mail sent from a Taiwanese commercial bank, the spam message has a deliberate void in the content which gives users the impression that it failed to load properly, according to a Symantec blog post on Thursday night. Users are then instructed to click onto a link if they are unable to view the images.
Clicking on the link brings users to a Web page containing malicious code, which then redirects them to at least one other site. At this stage, it attempts to drop a shellcode--an exercise that targets systems without up-to-date patching for Adobe software. Successful exploitation could allow attackers to gain control of the machine.
Adobe last month released a patch for the vulnerability, which affects products including Flash Player, Adobe Reader and Adobe Acrobat.
When contacted by ZDNet Asia, a Symantec spokesperson declined to name the spoofed bank but noted that it had already been notified of the matter. Spam activity has been limited to Taiwan, the Singapore-based spokesperson added. Symantec was, however, unable to provide the number of infections.
No comments:
Post a Comment