Cutwail Botnet Showing Altered Spam Tactics; Symantec

The spam botnet Cutwail is now working differently: it is distributing its bulk e-mails in massive numbers in bursts lasting only a few minutes, reaching millions of Internet users in each outbreak, states the security company Symantec.

Also according to Symantec, rather than carrying malicious attachments, the spam mails contain web links that lead to Upatre, the malware installer for the Dyre banking Trojan.

The bait follows a familiar style: the header announces an important message inside the e-mail, which poses as coming from a genuine organization that the would-be victim may or may not recognize.

E-mails about financial matters such as bank account reports, invoices, tax returns and fines have so far often been observed to draw recipients' attention, resulting in the compromise of their accounts.

According to Symantec, the web links sometimes lead to phishing sites that mimic the login pages of financial services that various organizations provide.

Symantec security researcher Nick Johnston explains that the e-mail's objective is to get the recipient to follow the given web address, which leads either to a phishing site or to malware. The same URL structure is used in all the attacks, with one hijacked legitimate domain in the URL, Johnston says. Softpedia.com reported this on January 28, 2015.

If an end user follows the URL in the junk e-mail, he lands on a web page that references an externally sourced JavaScript file.

The URLs referenced in the spam mail look as though they point to genuine jQuery files. jQuery is a well-known JavaScript library used to implement web UI functions, and websites frequently self-host it. Web addresses pointing to jQuery files are commonly found in HTML code, so the script tags used in this instance do not look odd at a glance. Evidently, these URLs, which appear to point to static JavaScript files, do not actually return static content. Each time a URL is requested again, the returned content differs, and it is always heavily obfuscated JavaScript code. The obfuscation is produced with JJEncode, a method that is inefficient, easy to identify and works only in specific web browsers, and is therefore not recommended.
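A defender-side check for the behaviour described above, added here as an example and not taken from Symantec or the article: it flags a URL that is named like a jQuery file but returns JJEncode-style content or a different body on repeated requests. The prefix pattern, the 10% alphanumeric threshold, the URLs and the sample bodies are constructed assumptions.

```python
import hashlib
import re

# Assumptions (not from the article): default JJEncode output opens with
# "<var>=~[];" and consists almost entirely of punctuation characters.
JJ_PREFIX = re.compile(r'^\s*[$\w]+=~\[\];')
JQUERY_NAME = re.compile(r'/jquery[^/?#]*\.js(?:[?#]|$)', re.IGNORECASE)

def alnum_ratio(body):
    """Share of letters and digits among the non-whitespace characters."""
    chars = [c for c in body if not c.isspace()]
    return sum(c.isalnum() for c in chars) / len(chars) if chars else 0.0

def looks_jjencoded(body, max_alnum=0.10):
    """True when the body has the JJEncode opener and is nearly all symbols."""
    return bool(JJ_PREFIX.match(body)) and alnum_ratio(body) <= max_alnum

def assess(url, bodies):
    """bodies: response texts from repeated requests to the same URL."""
    digests = {hashlib.sha256(b.encode()).hexdigest() for b in bodies}
    result = {
        "claims_jquery": bool(JQUERY_NAME.search(url)),
        "jjencoded": any(looks_jjencoded(b) for b in bodies),
        # A static library file should hash identically on every fetch.
        "content_varies": len(digests) > 1,
    }
    result["suspicious"] = result["claims_jquery"] and (
        result["jjencoded"] or result["content_varies"])
    return result

# Constructed samples: inert fragments shaped like JJEncode output, and a
# stub shaped like an ordinary static library file.
OBFUSCATED_A = '$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$};'
OBFUSCATED_B = '$=~[];$={___:++$,$_$_:(![]+"")[$],_$_:++$};'
STATIC_LIB = '(function(w){var v="x";w.lib=function(){return v;};})(this);'

if __name__ == "__main__":
    # Placeholder URLs on reserved example domains.
    print(assess("http://hijacked.example/js/jquery-x.y.z.js",
                 [OBFUSCATED_A, OBFUSCATED_B]))
    print(assess("http://site.example/js/jquery.min.js",
                 [STATIC_LIB, STATIC_LIB]))
```

In a mail or web gateway the `bodies` list would come from fetching each script URL on a landing page at least twice, so that both the obfuscation check and the stability check have input.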

» SPAMfighter News - 2/6/2015
