Below is a screenshot of a new spam run in the wild, and the sender (whoever he, she, or it is) presents to recipients a very suspicious but very free license for Microsoft Windows that they can download.
Sounds too good to be true? It probably is.
From: {random email address}
Subject: Re: Fwd: Order N [redacted]
Message body:
Welcome,You can download your Microsoft Windows License here –
Microsoft Corporation
Clicking the hyperlinked text leads recipients to a number of .ru websites hosting the file, page2.htm (screenshot below), which contains obfuscated JavaScript code that loads the Web page fidelocastroo(dot)ru(colon)8080/forums/links/column(dot)php.
This spam is a launchpad for a Blackhole–Cridex attack on user systems.
This method is likewise being used by the most recent campaign of the “Copies of Policies” spam, also in the wild.
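The redirect chain described above can be hunted for in web proxy logs. The following is an added example, not code from GFI Labs or the original post: it flags clients that fetched page2.htm from a .ru host and shortly afterwards requested the landing page on port 8080. The log format, the 30-second window, the sample log lines and the `.example` host names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Indicator exactly as the post prints it (defanged); file name from the post.
LANDING_DEFANGED = "fidelocastroo(dot)ru(colon)8080/forums/links/column(dot)php"
REDIRECTOR_FILE = "page2.htm"
WINDOW_SECONDS = 30  # assumption: maximum gap between the two requests


def refang(indicator):
    """Turn the post's (dot)/(colon) notation into a parseable URL."""
    text = indicator.replace("(dot)", ".").replace("(colon)", ":")
    return text if "://" in text else "http://" + text


LANDING = urlsplit(refang(LANDING_DEFANGED))


def find_chain(log_lines):
    """Return (client, gap_seconds) for clients that fetched page2.htm from a
    .ru host and then requested the landing host, port and path in the window."""
    last_redirector = {}  # client -> epoch of the most recent page2.htm fetch
    hits = []
    for line in log_lines:
        epoch, client, raw_url = line.split(maxsplit=2)  # constructed format
        epoch, url = int(epoch), urlsplit(raw_url.strip())
        host = (url.hostname or "").lower()
        if host.endswith(".ru") and url.path.lower().endswith("/" + REDIRECTOR_FILE):
            last_redirector[client] = epoch
        elif (host, url.port, url.path) == (LANDING.hostname, LANDING.port, LANDING.path):
            seen = last_redirector.get(client)
            if seen is not None and epoch - seen <= WINDOW_SECONDS:
                hits.append((client, epoch - seen))
    return hits


# Constructed sample proxy log ("<epoch> <client> <url>"); the .example hosts
# are placeholders, and the landing URL is rebuilt from the post's indicator.
_LANDING_URL = refang(LANDING_DEFANGED)
SAMPLE_LOG = [
    "1000 10.0.0.5 http://redirector.example.ru/page2.htm",
    f"1002 10.0.0.5 {_LANDING_URL}?x=1",
    "1005 10.0.0.9 http://news.example.com/index.html",
    "2000 10.0.0.8 http://other.example.ru/a/page2.htm",
    f"2100 10.0.0.8 {_LANDING_URL}",  # outside the window, not flagged
]

if __name__ == "__main__":
    for client, gap in find_chain(SAMPLE_LOG):
        print(f"{client}: landing page requested {gap}s after {REDIRECTOR_FILE}")
```

A flagged client only shows that the browser followed the chain; whether the exploit kit delivered a payload has to be confirmed on the endpoint.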
Our AV Labs researchers have documented their findings in detail regarding these spam runs on our GFI Software Tumblr page. Please visit www.gfisoftware.tumblr.com.
Stay safe!
Jovi Umawing (Thanks to the GFI Labs team)