Websense Security Labs™ ThreatSeeker™ Network has detected a new virus spam outbreak after Daniel Covington's death. Websense customers were proactively protected against the malicious code by our Advanced Classification Engine (ACE).
Most popular sport Web sites have reported this news: Daniel Covington, a former Louisville football player, was shot and killed after an altercation in downtown Louisville in the early hours of the morning on Sep 16, 2010. Of course, hackers never lose their chance to extend their criminal activities and this time, Daniel Covington has been their victim.
Let's track their vicious trail. Firstly, they send thousands of spam messages with a subject of "Daniel Covington die" to attract people's attention on the Internet.
Screenshot of the email:
Be careful of the HTML attachment: don't click it, as it hides malicious obfuscated JavaScript code and the obfuscation technique has been mentioned in our previous blog.
Let's see how evil they are. If a recipient clicks the HTML file, they will be redirected to two malicious sites. One site contains rogue AV, and the other one includes a Phoenix exploit kit – a well known kit used by web attackers.
"Daniel Covington die" is not the only theme in this campaign. We have also found the virus spam in emails with these subjects:
* America's Got Talent
* Cops kill active shooter at Johns Hopkins Hospital
* Church of Body Modification
* failure notice
* Jackie Evancho and Sarah Brightman
* NFL Picks Week 2
View full post on Security Labs
Related Posts
- Malicious E-Cards on the prowl
Emails disguised as electronic cards have been used as bait over and over again for malicious intent. The fact that they are overused is a clear indicator that this lure indeed works.&n... - Cyber Crooks All Set to Crash the British Royal Wedding
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software throu... - Anger after scam-exposing community shut down by Facebook
In a bizarre and hard-to-understand move, a Facebook page which claims it helped countless Facebook members stay safe online on the social network has been shut down... by Facebook.
The Bulldog Estate... - Unfollowed Me rogue application spreads virally on Twitter
Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.
Tho... - An open letter to Facebook about safety and privacy
Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crim... - Doctor Who calling-on Skype, with malware
Earlier this week, I received a phone call via Skype on my laptop, the caller's ID was "dralerthelpzc8" as in Dr Alert Help ZC8. The voice on the other end was automated, computerized and otherwise no... - Spamvertised “Reqest Rejected” Campaign Serving Scareware
A currently spamvertised scareware-serving campaign is enticing end users into downloading and executing a malicious binary, which drops a scareware variant.Sample subject: Reqest rejectedSample messa... - Now Exploiting: Phoenix Exploit Kit Version 2.5
The Phoenix Exploit Kit is now available in version 2.5 in the cybercrime underground.
Exploit kits are but one of the different tools used by cybercriminals for DIY Cybercrime. The Phoenix Exploit Ki... - Website exploit allows spam to be sent from Google.com (with real headers)
A 21-year-old Armenian calling himself "Vahe G" has uncovered a way of sending spam to Gmail users, just by them visiting an exploited webpage.
TechCrunch reports that they confirmed the vulnerabil... - Phoenix Exploit Kit’s Random Access Obfuscation
In this post I'll cover an interesting piece of obfuscation that we recently came across while handling a blended threat. This threat began as several malicious emails containing a link that...
Posted on 18 September 2010. Tags: Covington, Daniel, Death, Exploit, leading, Phoenix, rogue, Spam
