by Martin Quinn (Principal Consultant) 23 April 2013
Using the lure of recent global events has enabled spammers and malware pirates to leverage and exploit users into falling victim to email phishing scams or web based drive-by attacks. Most of these are orientated around the Boston Marathon bombings and the ensuing man-hunt. However, scammers are also utilising to a similar extent the Waco Plant explosion and the recent death of Margret Thatcher to hook users. In terms of saturation, this is roughly accounting for 10-20% of all spam worldwide.
These types of scams either direct the target to a malicious web page which would then either hijack the browser or perform a fetch to the malware file(s) itself or are directly sending what at first glance looks like an AVI file. Either way, they are generally in the form of:
Boston______AVI.exe, Waco______AVI.exe, etc.
Many, of these types of files have been identified by antivirus vendors and virus signatures have been promulgated accordingly, but it only takes the slightest variation and the malware can slip through the dragnet.
Therefore, user awareness is key. If you or, your staff have received phishing emails or similar requests to view videos covering the above topics, err on the side of caution, be sceptical and delete the files and report it to your system administrator or security resource.
If you believe that you have been a victim of this attack and are worried that your systems may have been compromised, contact Intact Security for an obligation free chat on 02 9227 8201
Relax. Your security is Intact
Author: Intact Security