There is a large-scale malicious spam campaign going on currently. The spam comes in a few different types, one of which imitates a Twitter notification. The subjects of the spam vary, but sadly, many focus on the recent events in Japan.


The links, which you can see in the image above or in the raw HTML, are distinctive:
http://lowercase_gibberish.(com|org|net)/base64string
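A mail filter can flag links of this shape in the raw HTML part of a message. The sketch below is an added example, not M86's code: the regexes are one assumed reading of the pattern above, the mixed-case check is an added heuristic, and the function names and sample domain are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed reading of the pattern: one all-letter label, then one base64 segment.
HOST_RE = re.compile(r"^[a-z]{5,}\.(?:com|org|net)$")
TOKEN_RE = re.compile(r"^[A-Za-z0-9+/_-]{8,}={0,2}$")

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def looks_like_base64(token):
    # Plain words such as "settings" also decode as base64, so additionally
    # require mixed case (a heuristic assumed here, not stated on the page).
    if token == token.lower() or token == token.upper():
        return False
    body = token.rstrip("=").replace("-", "+").replace("_", "/")
    try:
        base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
        return True
    except ValueError:  # bad length or padding
        return False

def campaign_links(html_body):
    """Return hrefs whose shape matches http://<letters>.<tld>/<base64>."""
    collector = HrefCollector()
    collector.feed(html_body)
    hits = []
    for href in collector.hrefs:
        try:
            url = urlsplit(href.strip())
        except ValueError:  # malformed URL, e.g. unbalanced brackets
            continue
        segments = [s for s in url.path.split("/") if s]
        if (url.scheme == "http" and not url.query and len(segments) == 1
                and HOST_RE.match(url.hostname or "")
                and TOKEN_RE.match(segments[0]) and looks_like_base64(segments[0])):
            hits.append(href)
    return hits

# Constructed sample body (not taken from the campaign).
SAMPLE = ('<a href="http://xkqzvbnrtw.com/dGVzdGluZzEyMzQ1">View message</a>'
          '<a href="http://twitter.com/settings">Settings</a>'
          '<a href="http://xkqzvbnrtw.net/a/b/index.html">Other</a>')
```

The pattern is loose, so a match is a triage signal to combine with other evidence, such as a Twitter-themed message whose links do not point at Twitter.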
The links lead to a page hosting obfuscated malicious JavaScript, which seeks to exploit a Java vulnerability. Our host was immediately compromised, botted (added to a botnet), and some not-so-subtle fake anti-virus malware was installed, complete with a scary desktop warning.

The spam is originating from one of the Cutwail spambot variants. We managed to get this template from Cutwail command and control traffic, which clearly shows the Twitter template being used.

We are still investigating the nature of the malicious landing page and subsequent infection.
With the rise in social networking, we have been seeing increased use of fake ‘notifications’ by spammers. As ever, remain on guard, especially when it comes to Twitter ‘notifications’.
Posted on 18 March 2011. Tags: campaign, disaster, Japanese, Malicious, preys, Spam
The above information is reprinted from and copyrighted © by M86 Security.