Video Screencast Help
Security Response

Bye Bye Bandwidth?

Created: 11 Jul 2008 16:40:35 GMT • Updated: 23 Jan 2014 18:40:40 GMT
Silas Barnes's picture
0 0 Votes
Login to vote

Everyone knows that in a matter of hours, hype can turn a small event into something much larger in the minds of society. Enter the latest round of malicious spam we have seen here at Symantec—the death of the Internet.

 

The following spam subject lines have been seen:

 

Secret Plan To Kill Internet By 2012: Leaked?

PLAN TO KILL THE INTERNET BY 2012- Documented

2012: The year the Internet as we know it dies...

2012: The Year The Internet Ends

 

This certainly sounds devastating because many of us spend a rather large amount of our time, both as part of work and as part of life, online. Addition information on this apocalyptic event continues in the various body texts we have seen, including:

 

Every significant Internet provider around the globe is currently in talks

with access and content providers to transform the internet into a

television-like medium…

 

It's hearsay, but I heard that the growth of the Internet will bring it to a

dead halt come about 2012. People are going nuts…

 

The reason why we're releasing this information is because we believe we can

stop it. More awareness means more mainstream media shedding light on it,

more political interest and more pressure on the ISP's to keep

the Internet an open free space…

 

It's happening and it could be as soon as 2010. There are documented facts

that the internet, as we know it today, will disappear. For those wondering

why we are experiencing "black holes" read on…

 

ISP's have resolved to restrict the Internet to a TV-like subscription mode

where users will be forced to pay to visit selected corporate websites by

2012…

 

Then there is the attachment, "doc.pdf." The file contains malicious code that is executed on the system when the file is opened. The malicious code is detected as Trojan.Pidief.A by Symantec products. So far, the attachment being used is the same across the board (MD5 - 4977c984367355f590a8bb159f76d94d9) but there's no guarantee that this will remain the case. As you can see by the graph below, the location of the presumably infected machines that are pumping out the spam emails is quite broad; however, the bulk of the spam is originating from the United States:

 

 

 

 

I personally don’t think the Internet will come to a grinding halt in 2012, or that a subscription- style service will be set up. However, I’m sure that some people out there won’t be able to resist reading more from the document attached to this hype-based spam.

Message Edited by SR Blog Moderator on 07-11-2008 10:28 AM
Message Edited by SR Blog Moderator on 07-14-2008 07:37 AM