The Latest in IT Security

GFI Labs Email Roundup for the Week


How was your weekend, dear Reader? Hope you had a good one!

This week’s email threat roundup is a bit longer than usual since we didn’t get to release one during Thanksgiving week.

What we have below are noteworthy spam samples found and documented by our researchers in the AV Labs in our Tumblr page. Most of the samples not highlighted here are either slightly tweaked variants of the previous ones we’ve highlighted before or persistent recurrences of much older spam. No matter how great or small these spam samples have changed, users still end up with the same system infection of information stealers made possible by malware that exploits unpatched software.

Let’s begin:

  •  “Provisionally Withheld for Security Reasons”. Or so they say:

    click to enlarge

    This bogus in-the-wild mail hides behind the name of the FDIC, or Federal Deposit Insurance Corporation. If you’re a client, I suggest you think twice before clicking any links, else you’ll find your system infected with a Trojan that steals banking information called Cridex. More here.

  • WU Spam Zeroes in on Agents. This spam is designed not to target Western Union clients but those who attend to them.

    click to enlarge

    Anyone curious enough to check out the attached file will most likely have no idea that they are downloading and executing a ZBOT malware. Details here.

  • Look Who’s Posting on Facebook.

    click to enlarge

    If you’re not familiar with the previous spam samples we mentioned above, you’ll probably relate more with this one. Facebook normally sends notices to its users via email, provided those users have this feature enabled for their own accounts. If you have an account and you have allowed Facebook to send you email notifications, please be extra careful when handling this spam. Better yet, just access your account and check out what your friends have been posting. You don’t want Cridex on your system now, do you? Details here.

  • “You Have One Secure Message”. If reading that has made you go “Ooh!” and click, I’m contacting Houston.

    click to enlarge

    This is similar to the Key Bank spam we also found not long ago. If you, dear Reader, are not careful with this, you might end up housing a ZBOT variant in your system. Learn more about this spam here.

  • Spammers Bank on Southwest Airlines. This probably would have been a good idea; however, avid readers of the GFI Labs blog will likely be more wary of anything related to Southwest Airlines spam. Why? Because we have already exposed more believable and highly effective fake spam (on Facebook, no doubt!) banking on it before (1)(2).

    click to enlarge

    More here.

  • eFax Malware. Little do we realize that many businesses and individuals still rely on using the fax on top of the usual email. It is, therefore, no surprise to see spammers targeting this unique group of users.

    click to enlarge

    Email recipients who open the attachment will be infected with ZBOT. Details here.

  • Another Unclaimed Parcel. This time, spammers are using FedEx to lure unwary recipients. Here’s what the spam look like:

    click to enlarge

    Clicking the Get Postal Receipt link leads users to websites that host a fake AV similar to this fake UPS spam. Details here.

We’re now in the last month of the year. As such, we must expect an increase in email-related threats with themes that revolve around Christmas, New Year and other concepts that are less festive at this time of year, such as the Mayan Apocalypse.

‘Till the next roundup!

Jovi Umawing

Leave a reply





Latest Comments

Social Networks