Relative exposure to malware

Avast Security Blogger, 27 January 2012

If you work at an antivirus company, be sure that family members will soon ask you questions about computers and the latest malware. Sometimes, they will even send you some. The other day, I got an odd email from my cousin, soon followed by a similar note from my sister that contained this:

The two of them, completely unintentionally, sent me a personalized bit of spam/malware. This was quite nice. After all, there aren’t so many Lyles in the world and I thought it was really considerate of some malware writers to address me directly. So I asked Jan Sirmer in the AVAST Virus Lab to tell me about how it was done and the goal of this malware. Here are his comments:

1) They generally get the names by parsing email addresses. Because many users use their first name in their email addresses, for example, they can just parse the email address and they have one of your names.

2) This is a relatively old-fashioned bit of malware designed to steal personal details. Click on the link and it will show a page with a login table. Your email address is already entered into the “name” slot and it is just asking for your Windows ID password. It doesn't even check to see if this is a functioning password, just if the length is longer than one character. From here, you will be redirected to (or a similar location) where it will show that some prize has been won and you can pick which one. A time counter is ticking away to push you to make a fast and thoughtless choice. And of course, once you choose your prize, you will be redirected again to another place to pick it up.

3) It goes into your address book to get more email addresses so it can replicate itself and continue its search.

Unlike Jan Sirmer, I was sent on an “Africa Safari” game after clicking on the link. But because the avast! Network Shield on my computer stopped the connection, I never arrived and can’t tell you any details about the “prize” I almost won.

Just remember, watch where you click. Even if your name is there and it's from a close relative.
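To make point 1 concrete from the receiving side, here is an added example (not code from Avast or from the original post) of a mail-filter style check: it tests whether the name used in a greeting could have been read straight out of the recipient's own address, in which case the personal touch says nothing about who wrote the message. The sample message, the greeting words and the three-letter minimum are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message (not the mail described in the post).
SAMPLE = """\
From: Cousin <cousin@example.org>
To: lyle.example77@example.com
Subject: hi

Hi Lyle, you have to see this: http://prize.example.net/claim
"""

def name_tokens(address):
    """Name-like tokens anyone can read out of an address's local part."""
    local = address.split("@", 1)[0].split("+", 1)[0]   # drop domain and +tag
    parts = re.split(r"[._\-\d]+", local)               # split on separators/digits
    return {p.lower() for p in parts if len(p) >= 3}    # assumed minimum length

def greeting_names(body):
    """Capitalised words that directly follow a greeting word."""
    found = re.findall(r"\b(?:Hi|Hello|Hey|Dear)\s+([A-Z][a-z]+)", body)
    return {name.lower() for name in found}

def assess(raw):
    """Report whether the greeting uses only what the address already reveals."""
    msg = message_from_string(raw)
    recipients = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    derivable = set().union(*(name_tokens(a) for a in recipients))
    body = msg.get_payload()
    greeted = greeting_names(body)
    return {
        "greeted": sorted(greeted),
        "derivable_from_address": sorted(greeted & derivable),
        # True when every greeted name could come from the address alone.
        "greeting_proves_nothing": bool(greeted) and greeted <= derivable,
        "has_link": bool(re.search(r"https?://", body)),
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A message that scores `greeting_proves_nothing` and `has_link` together deserves the same caution as an unaddressed one, even when the sender is in the recipient's address book.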