Massive Spam Attack Slips Past Spam Filters on its way to Australia

What is it about Australia these days? Whether it’s their tough stance on spammers (Canada: take note), surprising reports about where the spam is coming from, or Aussies saying enough is enough, the country that’s so cool they called it a continent has been making all sorts of spam news recently, and this week, the country made the news again when a massive spam attack slipped past anti-spam filters and landed squarely in users’ inboxes.

Westpac, one of Australia’s big four banks, is the latest target: Trojan-laden spam hit more than 125,000 users in a focused attack on Thursday morning, and SC Magazine reports that the volume of malicious emails “spiked into many hundreds of thousands of emails” on Thursday, with the number still appearing to rise. Reports are a little fuzzy so far, but the spam messages appear to be carrying W32/Kryptik.KZ!tr and BackDoor.Slym.1498, two known Trojans. The messages appear to be phishing emails: users were instructed to open the attachment (presumably passed off as some sort of banking notification) using Internet Explorer. The malware has been reported as some sort of remote backdoor Trojan, in other words, nasty stuff with which to become infected, and especially dangerous considering the scope of the attack and the pace at which it’s propagating.

“At least some of the phishing emails bear the attachment SecureMessage.zip and the sender address secure.mail@westpac.com.au,” SC Magazine is reporting, and Bit.com has reported that the message is being sent with the subject “WestPac Secure Email Notification.”

Security professionals report that the payload, whose exact nature is still being identified, is being delivered in several variants. According to one spokesman, the spam has circumvented 42 out of 44 email antivirus software applications, not a great track record if you’re a fan of…uhm, I don’t know, things actually working the way they’re supposed to.

“This is the biggest fast breaking email the tech guys can remember,” Anwar Ibrahim, a service delivery director stated. SC Magazine points out that “Almost 2000 unique IP addresses were logged sending the spam using a single filter, pointing to the United States, Peru and Australia in descending order.”

The attack also appears to be a scorched earth campaign, dispensing with targeted attacks in favor of indiscriminately blasting out as many emails as possible. Bit.com points out that institutions like banks are popular targets. “Fraudsters often use the names of trusted organisations such as banks, courier companies and government departments to encourage recipients to open emails containing malware. The Australian Taxation Office (ATO) [is] another name that’s popular with spammers, for example.” The malware’s SHA256 hash is 5450eea52c6e04bcae760c6181c6c79198daa6e969fca406e0f9dd3b49212d48.
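Those reported indicators (sender address, subject line, attachment name and SHA256 hash) lend themselves to a simple mail triage check. The following is an added example, not code from this article or from any vendor it cites; it assumes incoming mail is available as raw RFC 5322 bytes, and the sample messages and placeholder attachment bytes are constructed inline (the real payload is not reproduced, so the hash indicator will not fire on the sample).

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Indicators quoted in the article (as reported by SC Magazine and Bit.com).
KNOWN_SENDER = "secure.mail@westpac.com.au"
KNOWN_SUBJECT = "westpac secure email notification"
KNOWN_ATTACHMENT = "securemessage.zip"
KNOWN_SHA256 = "5450eea52c6e04bcae760c6181c6c79198daa6e969fca406e0f9dd3b49212d48"

def indicator_hits(raw_message: bytes) -> list:
    """Parse one raw RFC 5322 message and list the indicators it matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if KNOWN_SENDER in str(msg.get("From", "")).lower():
        hits.append("sender")
    if str(msg.get("Subject", "")).strip().lower() == KNOWN_SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower() == KNOWN_ATTACHMENT:
            hits.append("attachment-name")
        # Hash the decoded attachment bytes, not the base64 transfer encoding.
        if hashlib.sha256(part.get_payload(decode=True)).hexdigest() == KNOWN_SHA256:
            hits.append("attachment-hash")
    return hits

def is_suspicious(hits: list) -> bool:
    """A hash match is decisive on its own; a spoofed From or a plausible subject
    is trivial to forge, so those only count when they occur together."""
    return "attachment-hash" in hits or len(hits) >= 2

def build_sample(phish: bool) -> bytes:
    """Constructed sample message (offline). The attachment is placeholder bytes,
    not the real payload, so the hash indicator does not fire on it."""
    m = EmailMessage()
    m["To"] = "customer@example.com"
    if phish:
        m["From"] = "Westpac <secure.mail@westpac.com.au>"
        m["Subject"] = "WestPac Secure Email Notification"
        m.set_content("Please open the attached secure message in Internet Explorer.")
        m.add_attachment(b"PK\x03\x04 constructed placeholder", maintype="application",
                         subtype="zip", filename="SecureMessage.zip")
    else:
        m["From"] = "Alice <alice@example.com>"
        m["Subject"] = "Lunch on Thursday?"
        m.set_content("Same place as last week?")
    return m.as_bytes()
```

Running `indicator_hits` over the constructed phishing sample returns the sender, subject and attachment-name hits, which `is_suspicious` treats as enough to quarantine; the benign sample returns no hits.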

This incident is just another day in the life of the war with spam. No offense to those affected, but we’ve heard it so many times that it lacks the shock value that we might have felt ten years ago. It is a good – and timely – reminder that these things hit without warning, and that spammers will stop at nothing to line their pockets. That it hit so suddenly is not surprising. That it was so effective in slipping past detection software is. We seem to be seeing more and more attacks which, by design, manage not only to fool the anti-spam filters but are good enough to fool most users as well. And that’s something we need to discuss.

Spring is almost here. It’s time to do a little spring cleaning. Check your filter settings and spam folders. How effective are they? Maybe a little tweaking is required. Use this opportunity to get your users together and share information. Use some of the more effective spam campaigns – like the one reported in this article – as real-world examples of what to look for. Scare your users if you have to. Remember, they don’t know what you know. They’re also very busy making sure their paychecks keep coming, so, unlike you, looking out for malware attacks is not in the forefront of their minds. Take the time to refresh on best practices, phishing methods, link spoofing, the dangers of clicking links and opening attachments, and email preview panes – all those things that put users at risk. Anti-spam filters are invaluable tools, but like any other tool, they’re only as good as the person wielding them. Awareness and vigilance are of utmost importance, because they’re out there. The spammers won’t stop until they’ve got you.

Stay safe.

Written by Malcolm James


  1. Cass · March 26, 2013

    I don’t think they are attacking Australia (and New Zealand) because it’s not fair to leave them out. Obviously spammers perceive Australia as an easy victim and this is why they direct their attacks towards it. Judging by the success of their attack on Westpac, they might be right – Aussies need to tighten their security. Otherwise, they will be perceived as easy targets, which certainly will bring them many new attacks.

  2. Jones Amore · March 28, 2013

    Westpac, and Australia in general, need to tighten or reinforce their online security. Spammers are getting more and more creative (and complicated), so companies and individuals need to do the same. As you mentioned, the scary fact here is not the attack itself, but the fact that spammers were able to go through the detection software. And Australia is not just any country; it’s one of the most advanced in the world! If they are susceptible to attacks like this, then we should start to worry, too. Anti-spam developers should find a way to constantly stay ahead of the game.

  3. Cathy Laine · March 29, 2013

    Obviously, this problem isn’t limited to Australia only. It’s happening in every corner of the globe. But maybe the country and the continent are thrown into the spotlight because this is an irony. Just when they try to be staunch defenders of the users’ inboxes, news like this came about, showing how weak their system is that even their very own large bank becomes prone to what is a very common type of spam attack.

  4. Senad · April 8, 2013

    Reading this post (as well as other ones here), I can’t believe I didn’t know about this website before. So much valuable information and quality contributions from users; it’s pure gold. Big, big thank you for making these resources available to readers.
    Anyway, I am from Australia and I have experienced the Westpac spam first hand (it kept coming to my inbox). Normally it’s a PayPal or FedEx type of spam, so I was a bit surprised to see the bank being used. Well, not totally, as nothing surprises me any more these days.
    Once again, love this site, bookmarked it, and it looks great as well – big thumbs up to webmaster.
