Screensaver spam is new malware from old gang: Sunbelt

By

A new wave of "3D screensaver" spam is directing recipients to a malware site from a notorious malware gang that had ceased activity in January after their site was attack by a rival group of cybercriminals, researchers at Sunbelt reported.

Screensaver spam is new malware from old gang: Sunbelt
A new wave of “3D screensaver” spam is directing recipients to a new malware site from a notorious malware gang that had ceased activity in January after their site was attack by a rival group of cybercriminals, researchers at Sunbelt reported Monday.

According to the Sunbelt malware research team, the screensaver spam is pointing to a site put up by Loads.cc website, indicating that the gang, said to be responsible for distribution and installation of numerous spambots, keyloggers, DDoS bots, adware and rootkits, is back in business.

The group behind Loads.cc, believed to be based in Russia, shut down their original domain address in January after suffering suffered a DDoS attack from a rival malware gang utilising a Barracuda botnet, the Sunbelt team said.

After one of the infected screensavers is installed by the recipient, malware activates an HTTP GET request for a PHP script (manda.php), which may return a URL of additional malware for the bot to retrieve and install.

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Log In

  |  Forgot your password?