Hackers Infecting Computers with Verizon Multimedia Messages | Threat Research

Malicious Files Activated When Consumers Open Spam E-Mail

BOULDER, CO - October 15, 2008

Webroot, a leading provider of security solutions for the consumer, enterprise and SMB markets, has detected a new malicious download disguised as a legitimate multimedia message service (MMS).

"We are now seeing hackers use the Verizon Wireless name to send spam e-mails to PC users who unknowingly open a fake MMS which launches a Trojan to drop infected files onto their computers," said Paul Piccard, director of Threat Research, Webroot. "Hackers typically use downloads like this to harvest users’ personal information – not to mention soak up significant bandwidth from users’ computers."

PC users targeted with this fraudulent spam receive a MMS that, when opened, activates the download of a file called "VerizonMMS.4837192." Once downloaded, the file instantly infects the PC with malware and also establishes connections to external Web sites that infect the computer with additional malware.

"While it’s no surprise hackers continue to evolve how they attack PC users, the sheer volume of Verizon Wireless customers who may be deceived by this new threat means its effect may be significant," said Paul Lipman, Webroot’s senior vice president and general manager of Consumer Business. "Webroot is committed to helping consumers avoid being compromised by this and any other threat. In addition to identifying and bringing new threats to light, we always advise PC users to have an up-to-date, best-in-class antispyware, antivirus and firewall software in place to secure personal and confidential information."

Webroot recommends several steps to users to prevent this type of malware attack:

  1. Always have a current version of antispyware, antivirus and firewall product;
  2. Make sure the computer is up to date by always installing the latest Microsoft or Apple security updates;
  3. Never download free products or purchase them from unknown Web sites and vendors, or peer to peer networks;
  4. Download videos and other multimedia files only from known and trusted Web sites or blogs; and
  5. Use a credit card that has sufficient fraud protection when shopping and never use a debit card online.

About Us

Webroot delivers next-generation endpoint security and threat intelligence services to protect businesses and individuals around the globe. Our smarter approach harnesses the power of cloud-based collective threat intelligence derived from millions of real-world devices to stop threats in real time and help secure the connected world.