Hoax E-mails Supposedly Recipients’ Photos Target LinkedIn Users
Security researchers from Sophos report one fresh malware assault, which spams out, far and wide, malicious e-mails to Internauts while pretending to provide photographs.
The perpetrators distribute bogus LinkedIn e-mails with the subject line "Your photos" that dupe recipients into viewing one attachment carrying a special .htm file.
A text is included in the e-mails wherein by greeting the recipient, the writer tells the reader that his photos have been given in a file attachment and that he must view them only inside the Internet Explorer browser.
Moreover as the file, which is named Image_DIG[random number].htm, gets viewed, a message pops up reading "please wait a moment".
Meanwhile, behind all this, the victim gets diverted onto one website that hosts the BlackHole exploit and also plants malware.
Any Sophos antivirus program reportedly, detects the malevolent file-attachment (.htm) as Mal/JSRedir-M.
In a personal viewpoint about the current assault, Senior Technology Consultant Graham Cluley at Sophos states that an increasing number of assaults, which researchers at Sophos Labs were tapping relate to the BlackHole malware, underscoring that it's vital to maintain one's security patches and anti-virus software programs to their latest versions. Additionally, it's important to know how to be careful with unfamiliar web-links or unsolicited attachments, he posts. Nakedsecurity.sophos.com published this dated October 26, 2012.
Disturbingly, it's because of the above kinds of malware-laced bulk message campaigns, which's resulting in an increase in spam online, remark the researchers at Sophos. Their remark gets the backing of Kaspersky the security company, which released statistics in its September 2012 Spam Report showing that spam messages within total e-mail rose 2.3% since August 2012 while accounted for a mean 72.5% during September 2012.
Furthermore, in a similar malware-laced spam attack against LinkedIn users, during the 3rd-week of October 2012, persuasive though hoax 'invitations to join the network' supposedly from major industry groups and businesses targeted LinkedIn members that instilled expectations of enhancing personal professional circles. Similar to an original LinkedIn invitation, those electronic mails encouraged clicking "ignore" or "accept" links albeit doing so diverted the end-users onto websites, which installed the BlackHole onto their PCs.
Related article: High-Profile Flaws in September Unrelated to Virus Rate
» SPAMfighter News - 07-11-2012