A variant of the well-known and troublesome worm is being used in a spam attack that is luring blog, bulletin board and webmail (Internet-based e-mail) users to connect to a malicious Web site, according to Dmitri Alperovitch, a principal research scientist at Secure Computing Corp.

Alperovitch explains that there is a new component in the variant that enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text — whether it’s a blog post, a bulletin board entry or an e-mail sent through a webmail system. The users’ text will contain their own content, along with the link and a note that lures readers to check out a Web site with “fun” videos or e-card.

Users who go to the malicious site have their own machines infected with this updated version of the worm, which some security vendors are referring to as a Trojan horse.

“It’s pretty dangerous because it’s using social engineering in a very successful way,” says Alperovitch. “It’s infecting Web posts that come from people who users trust and regularly discuss useful topics with. Imagine a forum where you are used to having good discussions and now they show you a link for what they seem to be saying is a fun video. Wouldn’t you click on it? A lot of people would.”

Source: InformationWeek