Two Different Spam Campaigns Exploiting Syria’s Political Situation Spotted

HELP NET SECURITY reported on 9th September 2013 that Symantec and Kaspersky Lab have spotted two separate spam campaigns, which are taking advantage of the current political situation in Syria.

Security experts of Symantec comments that the first one consists of an email with an attachment stating "Dear sir, please find the attachment" and urging the user to open the attachment which is the chemical attack in Syria.doc file.

The file contains a recent article of Washington Post and specially crafted to exploit a Microsoft Internet Explorer vulnerability (CVE-2013-2551). If it gets success, then it secretly installs the Korplug Trojan into the targeted machine, which opens a backdoor into it, and hence attackers may exfiltrate confidential information.

The second malicious email is even more dangerous as it looks like it has been sent by CNN (Cable News Network) claiming that US has already started bombing of Syria and has dropped around 15 bombs on Damascus.

Clicking on links furnished in the email will take the browser of the victim to cynical WebPages', which are designed to contaminate PCs with computer Trojan horse by abusing vulnerabilities in Java and Adobe Reader.

Securelist.com published news on 6th September 2013 quoting a statement of Kaspersky as "The attackers prefer using Java exploits over the Adobe Reader exploit because Java exploits are usually more dependable".

The security experts advised that if you have updated your fittings of Java and Reader with the most recent security patches and also running an updated antivirus program, then you ought to be sheltered from the recent threat but the cybercriminals could update their assault any time to abuse unpatched flaws. However, the best defense would be to shun clicking on the ruthless links in the foremost place.

Kaspersky also cautioned of other ways of getting Internauts to click on links in emails.

It said that such tactics may embrace fake PayPal and Facebook emails in addition to URL-shortening services.

Kaspersky said, "It's not amazing to see cybercriminals leap on actualities. If US decide to take armed forces action against Syria, we can anticipate more Syria-themed malicious emails".

» SPAMfighter News - 9/16/2013