Fake Notification E-mail Supposedly from US SEC Results in Malware
According to security company GFI, notifications purporting to come from the United States Securities and Exchange Commission (SEC) are landing in people's inboxes and attempting to dupe recipients into clicking an embedded web-link, Help Net Security reported on March 2, 2012.
The phishing e-mail, GFI's researchers state, comes from "Homer Hutchinson" and bears a striking caption: "Notification of securities investigation against your company." Addressing the recipient as customer, the message body states that the SEC's Whistleblower office recently received complaints regarding a probable breach at his firm, which also offered unregistered securities, in connection with financial products such as 'swaps.'
The message then states that the recipient must answer the e-mail within 28 days; otherwise the Securities and Exchange Commission will launch an investigation of his firm. To read everything about the complaint, the fake e-mail concludes, the user must click the web-link to a portal named Securities and Exchange Commission Tips, Complaints, and Referrals.
But anyone who does click the web-link is diverted through several redirects, eventually landing on an HTML site that harbors the BlackHole attack toolkit. This toolkit exploits several vulnerabilities in Adobe Acrobat, Reader and Flash, along with a few in Java and Windows Media Player.
Once BlackHole succeeds in exploiting any one of these vulnerabilities, the user is taken to a website from which a file called about.exe is downloaded. This executable has been identified as the 'Win32.Malware!Drop' malicious program.
According to the researchers, the file does not carry the complaint. Rather, it is merely one version of the Zbot, or ZeuS, information-capturing Trojan horse, which VirusTotal already identified.
Experts suggest that Internet users exercise caution when dealing with incoming e-mails of this kind, which in reality are junk e-mails that escaped the anti-spam defenses. Further, they urge users to ensure that each and every application on their PCs has the latest patches.
Finally, people receiving the fraudulent e-mail mustn't follow its embedded web-link as it'll damage their computers, the security experts add.
» SPAMfighter News - 13-03-2012