Several security firms are warning users to be on alert for a growing number of malware-ridden spam campaigns. These campaigns brandjack several well-known brands and companies such as DHL, Intuit, Amazon, LinkedIn, British Airways, YouTube and Google.
The messages are carefully designed to look like legit communications, usually notifications and reminders. Some tell the user they’ve got a package waiting or appear to be a receipt for airline tickets. The links lead to different things depending on the campaign. The more harmless ones lead to shady online pharmacies reminiscent of the infamous Canadian Pharmacy, but some have a malicious payload.
“There has been an increase in malicious email, but it hasn’t approached the amount of infections sourced from the web,” said security advisor Chester Wisniewski. “It really is just a change in how email infections work. They used to be attached EXEs and SCRs that were simple Trojans. Most organizations are smart enough to block executables from entering through their email gateways, so criminals have moved on to HTML, PDF and RTF files.”
A recent campaign involving fake DHL invoices contained an attachment that, if opened, downloaded a piece of malware called Trojan.Bredolab. This Trojan downloads even more malware and is also known for delivering the FakeAV scareware. Another campaign that brandjacks Intuit delivers the Blackhole Exploit Kit, which targets corporate users. It works by sending them to a fake page saying they must update their “Intuit Security Tool” or access to their QuickBooks account will be blocked. The exploit, which takes advantage of an Adobe vulnerability, gives a hacker complete control over the computers it infects. A hacker could turn on the webcam, record keystrokes, and send the browser to malicious websites, among other things.
Spammers are increasingly turning to malicious spam in an effort to increase profits and either repopulate old botnets or populate new ones, and such campaigns will only get more dangerous and sophisticated as time goes on.