Malicious Circulation through Newsletters
Several companies that use newsletters for marketing have recently been hacked and are being used to send malicious e-mails, according to a Help Net Security report of September 26, 2011.
Websense Security Labs came across such messages, which appeared to come genuinely from large, legitimate firms.
Security Labs observed a rising trend in spam sent from webmail accounts. Initially, these accounts were hosted on freemail providers, but the trend now extends to corporate webmail accounts that have recently been attacked.
Once a promoter's account is hacked, all sorts of seemingly legitimate notifications are sent from it. In one such incident, a clothing order was sent in the name of an international retailer. Although this malware was quite harmful, it was initially not detected by any anti-virus program.
In other instances, hackers take control of a company's website and flood it with malware; in such cases, they generally create fresh domains to circulate their forged software.
In one significant attack, the spammers hacked the company website of an Argentinian e-mail marketing firm, but this time they set up a fresh domain following the naming convention '<companydomain>-support.com'. Subsequently, the hackers intended to shift to an Australian marketing company.
However, one common feature of these marketing firms is that they appear to include their account names in the user part of the e-mail address, combined with their own domain.
Nevertheless, the link directs users to a new domain hosting a Trojan made to look like the order, and this malware outbreak was identified by AV software for the first time when it was initiated.
This example thus shows how e-mail distribution firms prove to be an ideal target for attackers seeking to increase their chances against their targets.
The analysis by Websense stated that the note comes from the authentic sender, but the fact that it is filled with harmful content reveals its true identity.
It is easy to imitate marketing companies, as hackers can easily gather information from the newsletters sent to subscribers.
» SPAMfighter News - 04-10-2011