Spammers’ New Spam Campaign Exploits Syrian Crisis
Security company Trusteer has warned that spammers are sending a fresh wave of junk e-mails that exploit people's heightened interest in the present political turmoil in Syria, at a time when a US attack is anticipated.
The spam outbreak begins with a fake news e-mail about the Syrian situation, supposedly sent by Cable News Network (CNN) or the British Broadcasting Corporation (BBC). Captioned "The United States Began Bombing," the spam mail is crafted to draw recipients' attention.
Security researchers state that the web links embedded in the spurious messages lead to a watering-hole website tied to an authentic site, which has been hijacked to host attack code.
This attack code abuses CVE-2013-0422, a vulnerability that helps bypass the Security Manager of Java 7. Oracle has already issued a security patch for the flaw.
Following successful exploitation of the vulnerability, three malicious programs are downloaded in two phases and infect the host PC.
In the first phase, the attack launches a piece of credential-stealing malware, Trojan PWS Win32/Fareit, which pretends to be Adobe Flash's update program.
In the subsequent stage, Trojan Fareit retrieves an installer belonging to the Medfos malware family, so that malicious browser extensions are pulled down, search-engine hits are diverted and click fraud is carried out.
Fareit also installs ZeuS, the notorious bank-information-stealing Trojan, in a variant called ZBot Gameover.
Elaborating on how the malware functions, security expert Dana Tamir at Trusteer posted on the company blog that it specifically set out to collect system information, banking details and Internet credentials. However, it was possible to customize the malware with the help of an exploit kit to gather any other data. That was accomplished by tailoring configuration files that the attacker had already incorporated inside the Trojan downloader. After some time, the attacker could update the files further to collect more information, Dana wrote. Trusteer.com published this on September 12, 2013.
The above-mentioned Trojans enabled cyber-criminals to seize login details along with other confidential data stored on victims' machines. As always, the stolen material was then used to carry out advanced targeted attacks or financial fraud against any business establishment, Dana concluded.
» SPAMfighter News - 21-09-2013