Webroot® Threat Advisory: Hackers Infecting Computers with Phony Verizon Multimedia Messages

Malicious Files Activated When Consumers Open Spam E-Mail

Boulder, Colo., October 15, 2008

Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, has detected a new malicious download disguised as a legitimate multimedia message service (MMS).

“We are now seeing hackers use the Verizon Wireless name to send spam e-mails to PC users who unknowingly open a fake MMS which launches a Trojan to drop infected files onto their computers,” said Paul Piccard, director of Threat Research, Webroot. “Hackers typically use downloads like this to harvest users’ personal information – not to mention soak up significant bandwidth from users’ computers.”

PC users targeted with this fraudulent spam receive a MMS that, when opened, activates the download of a file called “VerizonMMS.4837192.” Once downloaded, the file instantly infects the PC with malware and also establishes connections to external Web sites that infect the computer with additional malware.

“While it’s no surprise hackers continue to evolve how they attack PC users, the sheer volume of Verizon Wireless customers who may be deceived by this new threat means its effect may be significant,” said Paul Lipman, Webroot’s senior vice president and general manager of Consumer Business. “Webroot is committed to helping consumers avoid being compromised by this and any other threat. In addition to identifying and bringing new threats to light, we always advise PC users to have an up-to-date, best-in-class antispyware, antivirus and firewall software in place to secure personal and confidential information.”

Webroot recommends several steps to users to prevent this type of malware attack:

  1. Always have a current version of antispyware, antivirus and firewall product; 
  2. Make sure the computer is up to date by always installing the latest Microsoft or Apple security updates;
  3. Never download free products or purchase them from unknown Web sites and vendors, or peer to peer networks;
  4. Download videos and other multimedia files only from known and trusted Web sites or blogs; and
  5. Use a credit card that has sufficient fraud protection when shopping and never use a debit card online.

For more information on being protected online, go to: http://www.webroot.com.au/En_AU/csc.html

ABOUT WEBROOT

Webroot is committed to taking the misery out of Internet security with its suite of Webroot® SecureAnywhere offerings for consumers and businesses. Founded in 1997, privately held Webroot is headquartered in Colorado and has operations across North America, Europe and the Asia Pacific region. For more information, visit http://www.webroot.com or call 800.772.9383. Read the Webroot Threat Blog: http://blog.webroot.com. Follow Webroot on Twitter: http://twitter.com/webroot.

©2012 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are registered trademarks of Webroot Inc. in the United States and other countries. All other trademarks are properties of their respective owners.

Copyright 2004 - 2012 Webroot Inc.