Solera Networks: Malicious Spam E-mails Reporting ‘Confirmation’ Abounded in April 2013
Spam messages declaring to link an invoice, shopping receipt, airline ticket, or any other type of verification document was the prominent type of malware distribution in April 2013, Solera Networks recently.
Securityweek.com on April 30, 2013 said that the campaign started around April 4, 2013 and every spam message includes a link to a URL which pointed to a malicious zip file, Andrew Brandt, Director of Threat Researcher, claimed by Solera Networks.
The website downloaded a small zip file if the link is clicked by the user. This zip includes the Kuluoz Trojan. The malware seems to hide its evil nature via innocuous icon imitating a word processing or witing application, e.g. Microsoft word or Ultra Edit, Notepad-like software.
The message stays relatively still, however, the links transfer to a vast list of website which neither belong to the firm referred to in the phony email, nor to the malicious software purveyors. The URLs pursue a regular naming convention. The links stay lively for a small span of time (usually less than a day), but with many stolen websites on hand, the malware purveyors don't appear to be bothered. We observed no less than 126 separate domains employed in the campaign till the start of the month. All are governed by small organizations, businesses, or individual, Brandt blogged as printed by solernatworks.com on April 26, 2013.
Interestingly, compromised computers don't instantly call home after the malware is executed, but wait from 5 to 20 minutes prior to "blowing up with a deluge of beaconing, from 5 to 10 linking attempts per minute," Brandt noted, as reported by infosecurity-magazine.com on April 30, 2013.
To evade getting tainted by this malicious software, and social engineering campaigns similar to this one, webmasters and consumers alike must make certain that their AV products are up to date with the most recent signatures, and they must be very cautious of unwanted emails, as always.
The malware has quite a high rate of detection. "The signal-to-noise ratio of Kuluoz is extremely low," Brandt said. "Luckily, the huge sums of vociferous traffic make it actually simple to find contaminated systems."
» SPAMfighter News - 07-05-2013