Trustwave Detects Spam Mails Tainted With Andromeda the Cutwail Bot-Installer
Trustwave warns of a new spam outbreak that the notorious Cutwail botnet has been distributing to spread Andromeda (also known as Gamarue), a bot loader that downloads the ZeuS banking Trojan.
Trustwave's malware research group SpiderLabs, after examining a sample of the unsolicited e-mails, reports that the message is spoofed to appear as if it were sent from firstname.lastname@example.org.
Unlike typical spam, this e-mail has no typographical or grammatical mistakes; it looks formal and authentic and displays the Qantas logo. Its subject line reads "Booking reference 46810991." However, it typically carries a zipped attachment containing a .exe file, which is the Andromeda malware.
The e-mail tells the recipient that a receipt is attached, which he must print out and bring to the airport for check-in as proof that he bought a ticket. A "Manage Your Booking" printout will not be accepted, the message states.
Trustwave's researchers note that any recipient who has actually bought a Qantas ticket could easily be tempted to open the attachment, and other recipients may do the same simply out of curiosity.
First found in 2011, Andromeda has re-emerged in recent weeks in spam campaigns carrying the infection.
According to Trustwave, cyber-criminals have repeatedly dispatched Andromeda loaders in spam campaigns since 2012, each time with a different theme: tax, courier, flight, invoice, payroll, hotel, social media and more.
These spam campaigns usually look quite legitimate and are hard to recognize as malicious. A careful user can nonetheless readily distinguish a fraudulent e-mail from an authentic one, and a technically skilled person may check whether the attachment contains a .exe file. Since this is difficult for most Internet users, it is best to be suspicious of any unsolicited e-mail, especially one that is not expected. If the sender cannot be verified, deleting the message is the safest course, and links in such e-mails should not be clicked, advises Trustwave Security Researcher Rodel Mendrez. Blog.spiderlabs.com published this on June 26, 2013.
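The check suggested above, looking inside a zipped attachment for an executable, as an added example that is not part of Trustwave's or SPAMfighter's text. It inspects a ZIP archive in memory and flags members by executable extension or by the "MZ" PE header; the sample archive, the member name Qantas_Booking_Receipt.pdf.exe and its filler bytes are constructed for illustration, not a real sample.

```python
"""Flag zipped e-mail attachments that carry a Windows executable.

Added example, not from the Trustwave write-up: the campaign described
above delivers Andromeda as a .exe inside a .zip, so a mail gateway or
analyst can quarantine such messages before a user opens them.
"""
import io
import zipfile

EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def executable_members(zip_bytes: bytes) -> list[str]:
    """Return names of ZIP members that look like Windows executables.

    A member is flagged when its last extension is a known executable
    type, or when its first two bytes are the 'MZ' PE/DOS signature even
    if the name was disguised (e.g. 'receipt.pdf').
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            ext = name[name.rfind("."):] if "." in name else ""
            with archive.open(info) as member:
                magic = member.read(2)
            if ext in EXEC_EXTENSIONS or magic == b"MZ":
                flagged.append(info.filename)
    return flagged


def build_sample_attachment() -> bytes:
    """Constructed sample ZIP in the shape described (not a real sample).

    Holds a harmless text note plus a fake 'booking receipt' .exe whose
    payload is only an MZ header and zero filler, not malware.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "Booking reference 46810991\n")
        archive.writestr("Qantas_Booking_Receipt.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    print(executable_members(build_sample_attachment()))
```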
» SPAMfighter News - 06-07-2013