A quick tip-off to our dear readers: if you’re a client of the BT (British Telecom) Group, be warned that there is a new spam campaign sending “Notice of Delivery” mail that pretends to originate from BT Business Direct. Below is a screenshot of the email:
Once users download and open the attached HTM file, it calls back to a Russian website and redirects them there. The website serves a Blackhole Exploit Kit, which downloads Cridex once it finds a software vulnerability.
You can find details of the spam email in this GFI Software Tumblr blog entry.
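A mail-gateway style check for the pattern described above, as an added example that is not from the original post or from GFI: it flags HTM/HTML attachments whose markup redirects the browser to an external host. The redirect constructs matched, the function names and the sample message are assumptions; the post does not say which redirect method the campaign used.

```python
import re
from email.message import EmailMessage
from urllib.parse import urlparse

# Common ways an HTML attachment sends the browser elsewhere (assumed forms;
# the post does not state which one this campaign used).
REDIRECT_PATTERNS = [
    re.compile(r'<meta[^>]+http-equiv=["\']?refresh[^>]*url=([^"\'>\s]+)', re.I),
    re.compile(r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)', re.I),
    re.compile(r'location\.replace\(\s*["\']([^"\']+)', re.I),
    re.compile(r'<iframe[^>]+src=["\']?([^"\'>\s]+)', re.I),
]

def redirect_hosts(html):
    """Return the sorted external hosts an HTML document redirects to."""
    hosts = set()
    for pattern in REDIRECT_PATTERNS:
        for url in pattern.findall(html):
            parsed = urlparse(url)
            # Relative targets stay inside the attachment and are ignored.
            if parsed.scheme in ("http", "https") and parsed.hostname:
                hosts.add(parsed.hostname.lower())
    return sorted(hosts)

def scan_message(msg):
    """Return [(filename, hosts)] for HTM/HTML attachments that redirect off-site."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".htm", ".html")) or part.get_content_type() == "text/html":
            body = part.get_content()
            if isinstance(body, bytes):
                body = body.decode("utf-8", "replace")
            hosts = redirect_hosts(body)
            if hosts:
                findings.append((name, hosts))
    return findings

def build_sample():
    """Constructed sample message; hosts use reserved example domains."""
    msg = EmailMessage()
    msg["Subject"] = "Notice of Delivery"
    msg["From"] = "noreply@example.com"
    msg.set_content("Please see the attached delivery note.")
    html = '<html><script>window.location = "http://redirect.example.test/main";</script></html>'
    msg.add_attachment(html, subtype="html", filename="Delivery_Note.htm")
    return msg

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A hit is a reason to quarantine or strip the attachment, not proof of malice: legitimate HTML attachments that redirect are rare in delivery-notice mail, which is what makes the signal useful.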
The GFI Labs Team