Curiosity killed the computer

By Dave Michmerhuizen – Research Scientist, Luis Chapetti – Security Researcher

Malicious spam uses a variety of techniques to persuade you to click on links. Fear and greed are popular, but the most popular technique is curiosity. Some appeals to a user's curiosity are familiar: fake faxes, sexy come-ons, package delivery notifications, all the sorts of things that experienced email users delete without a second glance.

But what about an important change log?

Change control is a part of many business processes. Programmers, data maintainers, document editors, inventory specialists and accounting professionals are all likely to keep detailed logs of changes to data and share those logs via email. Since these sorts of emails are anticipated and desired, recipients are less likely to be suspicious of them. Curiosity takes over.

These are copies of some of the changelog-themed spam that we saw a lot of in 2012.

These samples use LinkedIn as their spoofed source, but we have also seen messages that spoof the same organization they were addressed to, which makes it even more likely that the addressee will wonder what is inside. The message text itself doesn't give much away. All you're left to do is wonder what might be on the other side of that link (or in that HTML attachment).

In this case, curiosity will kill your computer. Both the link and the HTML attachment quickly redirect the user's web browser to a website hosting the Blackhole exploit kit. This is the malware delivery method of choice at the moment. Such kits are easy for spammers to set up, and most malicious spam attempts to deliver the user to such a site, which will attack the browser and install a password stealer.
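A mail filter can check HTML attachments for this redirect-on-open behaviour before a user gets curious. The sketch below is an added example, not code from the original post; the redirect patterns it looks for (meta refresh, script assignment to `location`), the helper names, the file name and the `example.invalid` URL are assumptions, since the post does not show the attachment's markup.

```python
import re
from email.message import EmailMessage
from html.parser import HTMLParser

# Heuristic (assumed) for script that navigates the page without a click.
JS_REDIRECT = re.compile(
    r"location(?:\.href)?\s*=(?!=)|location\.(?:replace|assign)\s*\(", re.I)

class RedirectFinder(HTMLParser):
    """Records constructs that send the browser elsewhere as soon as the file opens."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_script = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        content = a.get("content", "")
        if (tag == "meta" and a.get("http-equiv", "").lower() == "refresh"
                and "url" in content.lower()):
            self.findings.append("meta-refresh: " + content)
        elif tag == "body" and JS_REDIRECT.search(a.get("onload", "")):
            self.findings.append("body-onload redirect")
        self._in_script = tag == "script"   # script bodies arrive via handle_data

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script and JS_REDIRECT.search(data):
            self.findings.append("script redirect")

def scan_message(msg):
    """Return {attachment filename: findings} for HTML attachments that auto-redirect."""
    flagged = {}
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.is_multipart() or not name.lower().endswith((".htm", ".html")):
            continue
        raw = part.get_payload(decode=True) or b""
        finder = RedirectFinder()
        finder.feed(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        finder.close()
        if finder.findings:
            flagged[name] = finder.findings
    return flagged

def build_sample(html):
    """Constructed test message: plain-text body plus one HTML attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Changelog"            # constructed subject line
    msg.set_content("See the attached change log.")
    msg.add_attachment(html.encode(), maintype="text", subtype="html",
                       filename="changelog.htm")
    return msg
```

A hit is a reason to quarantine or strip the attachment, not proof of malice; legitimate HTML reports rarely need to navigate away on load, so false positives should be uncommon.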

When it comes to malware, spam is the most common attack vector.  Treat the contents of your inbox as guilty until proven innocent.   Don't let curiosity get the better of you – or of your computer.

