Resume Spam Mails Lead To Scareware
A newly launched spam mail campaign, pretending to be resume submissions, are being circulated on the Net, telling recipients to click on given attachments containing HTML files, but they actually divert users onto scareware-serving websites, according to Softpedia, which published the news on August 20, 2010.
Displaying the subject line, "Resume," the malicious spam mails carry brief messages such as "Please find attached my CV" or "Attached, please find."
This malevolent site shows a message -"PLEASE WAITING 4 SECOND." And while those 4 seconds run, an iFrame secretly pulls down malware from still one more website with which further malicious software is downloaded and run on the victim's machine.
The objective, all the while, is to trigger a typically bogus anti-virus scan, which sets fake alerts that there is malware on the user's PC so he must download a certain executable file. But that .exe file in reality is a scareware installer that pretends to be an authentic anti-virus. Moreover, it blasts the victim's PC with bogus security warnings related to malware until he willingly spends on security software's license that is actually worthless.
Sadly, people who get victimized with such scams don't just lose their precious funds, but have personal payments cards compromised as well.
Reportedly, from the total 42 anti-virus applications that VirusTotal considers, merely 19 identified the scareware, which the current attackers used, as malicious.
Remarking about this attack, specialists state that it's the first one witnessed during the recent period i.e. the technique utilized together with scareware campaigns, indicating that it's being picked up in other spam runs too.
Related article: Russian Hackers Break into NOAA to Push Pills
» SPAMfighter News - 27-08-2010