Barracuda Labs Detects Spam Runs Aimed at SMBs
According to investigators at Barracuda Labs a security company, they've identified 2 fresh spam outbreaks, which while targeting SMBs with malware, are presently circulating online.
The first outbreak involves a scam e-mail that poses as communication from the US central bank namely the Federal Reserve while displaying the header: "Your Wire fund transfer."
Addressing recipients, the fake electronic mail tells them that the Wire Network of the Federal Reserve couldn't process the wire-transfer of funds their banking accounts dispatched shortly and that to get additional information, they require clicking a web-link.
But on clicking, users are directed that they should load an executable that in reality is the Zeus an information-seizing Trojan, infamously known for recording keystrokes entering banking credentials of SMBs, charities and school districts, Barracuda points out.
Remarking about this malevolent spam outbreak, Luis Chapetti, researcher at Barracuda stated that the objective of the scam was to grab users' money. SCMagazineUS.com published this on June 22, 2011.
Additionally Barracuda also outlines that the scammers responsible for the above mentioned spam run changed techniques on June 22, 2011 in favor of using Internal Revenue Service brand-name inside their messages. However, the payload in those e-mails was the same while they seemed to notify victims that their bank annulled the tax payment they submitted with the federal government; hence, they must follow a given web-link to get more details. But the web-link was as usual malicious.
Remarking about both the above mentioned spam runs that once hit innumerable users' inboxes per day, David Michmerhuizen researcher with Barracuda stated that there was the potential whereby the general public became infected, particularly at the large volumes it happened. SCMagazineUS.com reported this.
Meanwhile according to the company, neither the Federal Reserve nor IRS ever dispatches e-mails which direct recipients to provide vital information. Therefore, as per experts' advice, end-users mustn't execute the links.
Besides, if anyone gets a dubious electronic mail, he should clearly erase it alternatively get in touch with a security admin or system support followed with sending the messages onto the accounts of the Federal Reserve and IRS for conducting the required investigations.
» SPAMfighter News - 02-07-2011