hi5 Spam Invites Users to Download a Malicious Worm
Recently I’ve received some spammed messages that purported to be from hi5, “a global destination where young people meet and play.” The site claims to have more than 50 million monthly visitors and to be the third largest social media site in the world. Its a kind of social networking site like Orkut, facebook etc.
The bogus email asks users to add its sender to their lists of friends just like any normal social-networking invitation. What is odd about this email, however, is that it first asks recipients to download and open an attachment, which supposedly contains an invitation.
Inexperienced users who are tricked into downloading and opening the compressed file (Invitation Card.zip) end up executing a malware detected as WORM_PROLACO.AA instead of an invitation. The attachment contains a file named Document.htm. However, upon closer examination by expanding the Name column in the window, users will discover that the supposed .HTM file is really a .EXE file which is malicious.
The social-engineering technique used in this spam run is probably one of the oldest tricks in the “Spammers’ Handbook,” if there is one. This is precisely why users are always reminded to be wary of opening email messages from people they do not know and to scan file attachments before downloading them onto their systems.
I request my readers and other internet users to use caution when opening email and downloading attachments from senders they do not know..