Cutwail Botnet Launches yet another Spam Campaign

Researchers from M86 Security Labs have observed the Cutwail/Pushdo botnet reportedly executing one spam campaign that has different topics like Automated Clearing House, orders for airline tickets, scanned document, or Facebook notification.

Although there aren't any malware attachments in the mentioned spam mails, M86 states that the malicious payload gets launched through web-links that take onto sites, which host the malware.

In addition within Facebook, the payload is served through web-links like 'See all Requests' or 'Confirmation of Friend Request,' which on clicking, leads the user onto a malware-hosted site.

Meanwhile, the captions within the website-based spam look similar to Rick Mayor wants to be friends on Facebook or Alexander Tomlinson wants to be friends on Facebook. Noticeably, in these captions, the letter cases used are varied and the profile names too randomly chosen.

Further, the spam message may appear as one authentic Facebook notification. Nevertheless on inspecting carefully, it shows the inherent web-link diverts onto a malware-hosted site.

One more fake message, which tells the recipient bought a flight ticket using his credit card, is also the theme of this spam. Here too, clicking on the web-link to get more information takes the unwitting end-user onto a malicious site.

Occasionally, the websites that are connected to given links might actually be lawful; however, cyber-criminals perforce controlled them and inserted the same malicious content.

Additionally, security researchers state that the ACH-themed e-mails aren't circulating new, while expectedly Web-surfers are aware that they require being overlooked. However, the spam mails, which are supposedly scanned documents, can pose one real hazard, particularly within office-environments.

Eventually, electronic mails, which look like colleagues in office sent them, apparently containing an image that the office equipment designed must get regarded as immensely doubtful, especially because the sender's id could be conveniently spoofed so the e-mails appear no less than authentic.

Actually, in these e-mails, the provided URL leads onto an HTML file, which's the same attack toolkit that was earlier utilized within spam scams like those captioned as "Steve Jobs is Alive" or e-mails relating to phony LinkedIn notifications.

Conclusively, it's advisable that Web-surfers remain vigilant of such fake e-mails.

Related article: Cutwail Botnet Revives within 48 Hours of ISP Shutdown

» SPAMfighter News - 12/9/2011