Multiple Spam Campaigns Linked to a Single Operation


A series of surprisingly complex spam campaigns has been linked to one source.

According to a report from, recent spam campaigns using messages made to look like they were sent by companies such as Facebook, LinkedIn, American Express, PayPal, FedEx, The Apple Store, Delta Airlines and many more are all part of a single, carefully carried out attack that was designed to steal as many people’s financial details as possible. The attack used malware known as the Blackhole Exploit Kit. This malware uses a variant of the infamous Zeus Trojan to do its dirty work.

According to, the attack works like this:

“A user receives the fraudulent but convincing-looking email, and if he or she visits an embedded link in the message, then the victim is directed to a known and legitimate website that the attackers have compromised. (Trend Micro would not reveal which sites were hacked). A page there redirects the user to a malicious website or the landing page. There the user’s machine is scanned for potential vulnerabilities that, when found, can be exploited and infect the machine with the information-stealing malware.”

Unlike traditional spam campaigns, this one is tremendously complex and blends phishing with drive-by downloads, spear phishing, and traffic redirection. So far the attackers have brandjacked nearly 100 top brands and companies. What’s not clear is why and how the victims of the attack were targeted.

Could the hackers behind the attack be using data stolen during one of the recent string of data breaches? Have the brands and companies used in the attacks been compromised without even knowing it? There are no answers yet, but what is clear is that the hackers behind this attack are not your average Joes at all.

Written by Sue Walsh


  1. Bea Jach · August 1, 2012

    This is good to know, in a way. It is better than having smaller spam operations. When we take them down, we take down most of the spam campaigns out there. One stone, several birds, so to speak.

    Above average or not, I still believe those spammers can be caught. I just hope that those organizations and agencies waging the war on spammers will double their effort to do this soon. If not soon, maybe after a bill is passed to severely punish those guys. Let them feel the consequence of their actions. Punitive provisions of anti-spam laws should be deterrent enough to end this war for good.

