This week’s email threat roundup is a bit longer than usual since we didn’t get to release one during Thanksgiving week.
What we have below are noteworthy spam samples found and documented by our researchers in the AV Labs in our Tumblr page. Most of the samples not highlighted here are either slightly tweaked variants of the previous ones we’ve highlighted before or persistent recurrences of much older spam. No matter how great or small these spam samples have changed, users still end up with the same system infection of information stealers made possible by malware that exploits unpatched software.
- “Provisionally Withheld for Security Reasons”. Or so they say:
This bogus in-the-wild mail hides behind the name of the FDIC, or Federal Deposit Insurance Corporation. If you’re a client, I suggest you think twice before clicking any links, else you’ll find your system infected with Cridex, a Trojan that steals banking information. More here.
- WU Spam Zeroes in on Agents. This spam is designed not to target Western Union clients but those who attend to them.
- Look Who’s Posting on Facebook.
If you’re not familiar with the previous spam samples we mentioned above, you’ll probably relate more to this one. Facebook normally sends notices to its users via email, provided those users have this feature enabled for their own accounts. If you have an account and you have allowed Facebook to send you email notifications, please be extra careful when handling this spam. Better yet, just access your account directly and check out what your friends have been posting. You don’t want Cridex on your system now, do you? Details here.
- “You Have One Secure Message”. If reading that has made you go “Ooh!” and click, I’m contacting Houston.
This is similar to the Key Bank spam we also found not long ago. If you, dear Reader, are not careful with this, you might end up housing a ZBOT variant in your system. Learn more about this spam here.
- Spammers Bank on Southwest Airlines. This probably would have been a good idea; however, avid readers of the GFI Labs blog will likely be more wary of anything related to Southwest Airlines spam. Why? Because we have already exposed more believable and highly effective fake spam (on Facebook, no doubt!) banking on it before (1)(2).
- eFax Malware. Few of us realize that many businesses and individuals still rely on the fax on top of the usual email. It is, therefore, no surprise to see spammers targeting this particular group of users.
Email recipients who open the attachment will be infected with ZBOT. Details here.
- Another Unclaimed Parcel. This time, spammers are using FedEx to lure unwary recipients. Here’s what the spam looks like:
We’re now in the last month of the year. As such, we should expect an increase in email-related threats with themes that revolve around Christmas, New Year and other concepts that are less festive at this time of year, such as the Mayan Apocalypse.
Till the next roundup!