Malware distribution via email is far from dead. While we had a distinctly quiet period from October 2010 to March 2011, our stats show the bot herders are gearing up again, with the proportion of spam carrying malware attachments rising, although it is still not as high as the peaks we saw mid last year when the Bredolab and Cutwail botnets were in full swing.

Malicious spam on the increase again
After the bot herders took a brief Easter break, they are back to sending new waves of malicious spam. The first spam campaign was sent by the Cutwail botnet earlier this week. The email claims to be an invoice from Bobijou Inc. – an online jewellery brand. There is a chance that people might fall into this trap, especially as it claims that money on your credit card was involved. But take a closer look at the subject line, "Successfull Order 3677718": the wrong spelling should easily alert you that this email is a scam.

Cutwail Spam Campaign
Another malicious spam campaign, originating from the Donbot botnet, came in later this week. It uses a common, uncreative theme with subject lines like “my hot pic : )”, “my naked pic is attached”, etc. The Donbot botnet’s spam output is on the rise and this is the first time we have seen it spreading malicious attachments.

Donbot Spam Campaign
Both spam campaigns contain a zipped attachment which, once extracted, contains an executable file that downloads – surprise, surprise – Fake Antivirus.

In addition, this week we have been seeing more of the Asprox botnet’s “Spam from your Facebook account” campaign, which preys on people’s fears about the security of their Facebook accounts. This campaign first came out last year, illustrating that the bot herders behind Asprox often cycle their spam campaigns between UPS, DHL, FEDEX and iTunes Gift Certificate among others.

Recent Facebook spam campaign sent by Asprox
The attachment is a Trojan that aims to seed the Asprox bot executable on the infected host, which is then used for spamming purposes.

SMTP transaction of the Asprox process ASPIMGR.EXE
We have blogged about these types of threats many times before. In a sense, it’s the same old stuff with slightly different social engineering. Be wary.
Posted on 30 April 2011. Tags: Antivirus, Asprox, Cutwail, Donbot, Facebook, Fake, Malicious, Spam, Statistics
The above information is reprinted from and copyrighted © by M86 Security Labs Blog.