Malicious Spam Attacks Rising

Written by Sue Walsh on November 5, 2012

Several security firms are warning users to be on alert for a growing number of malware ridden spam campaigns. These campaigns brandjack several well known brands and companies such as DHL, Intuit, Amazon, LinkedIn, British Airways, YouTube and Google.

The messages are carefully designed to look like legit communications, usually notifications and reminders. Some tell the user they’ve got a package waiting or appear to be a receipt for airline tickets. The links lead to different things depending on the campaign. The more harmless ones lead to shady online pharmacies reminiscent of the infamous Canadian Pharmacy, but some have a malicious payload.

“There has been an increase in malicious email, but it hasn’t approached the amount of infections sourced from the web,” he said. “It really is just a change in how email infections work. They used to be attached EXEs and SCRs that were simple Trojans. Most organizations are smart enough to block executables from entering through their email gateways, so criminals have moved on to HTML, PDF and RTF files,” said security advisor Chester Wisniewski.

A recent campaign involving fake DHL invoices contained an attachment that, if opened, downloaded a piece of malware called Trojan.Bredolab. This Trojan downloads even more malware and is also known for delivering the FakeAV scareware. Another campaign that brandjacks Intuit delivers the Blackhole Exploit Kit, which targets corporate users. It works by sending them to a fake page saying they must update their “Intuit Security Tool” or access to their Quickbooks account would be blocked. The exploit, which takes advantage of an Adobe vulnerability, gives a hacker complete control over the computers it infects. A hacker could turn on the webcam, record keystrokes, and send the browser to malicious websites, among other things.

Spammers are increasingly turning to malicious spam in an effort to increase profits and either repopulate old botnets or populate new ones, and such campaigns will only get more dangerous and sophisticated as time goes on.

 

Comments

Rose Smith November 9, 2012

Spam and malware attacks are rising because Thanksgiving and Christmas are soon and spammers exploit these occasions. Though the list of companies that are affected is strange – I thought it was more Amazon, eBay, and other stores that will be targeted.

David Andes November 12, 2012

I just received one from Paypal. Awesome. I’m no expert, but I have a few good reasons in mind why this is happening. First, more and more people are getting too complacent when it comes to their passwords, especially if they already have multiple e-mail accounts. One password for all is much easier to deal with. Second, it’s almost the holidays, and, well, even phishers and scammers need a lot of money for their loved ones. Third, a lot of people fall for their scam, so why not make it regular?

Cora Johnson November 18, 2012

You’re actually right, @Rose. It’s the time of the year once again. There was also a spike during the election season. (I think the blog has also pinpointed to that fact.) What I can share are a few tips on how to reduce the chances of falling into their schemes. I’m speaking based on experience. First, don’t download anything, especially if the e-mail comes from an unknown person. If the e-mail from LinkedIn, PayPal, or whatever website sounds too good to be true, click on actual e-mail address. Better yet, trace the origin of such e-mail or even check the news.

  • (required)
  • (required)