Trustwave Warns Internauts about the Bogus Notifications Imitating the Firm

Security firm, Trustwave is bewaring naïve users to be attentive of the counterfeit notifications that seem to be coming from the company.

Titled as "Trust Keeper PCI Scam Notification," the fake e-mails pursue recipients to login to a portal to appraise a scan report.

"The content of the mail reads: this is an auto-generated e-mail to beware you that a Trust Keeper susceptibility scan of your network system discovered is at danger. This scan was given as a component of your PCI DSS compliance services from Trustwave," read the e-mail.

"If you wish to evaluate your scan report or modify your scan schedule, you may do so by managing your Trust Keeper at [link].

They are forwarded to domains if they connect on the URL that might shove malware onto their computers.

Explaining the scam in detail, the company claims that the phishes had copied the template of an actual Trustwave scan announcement, utilizing it to hand out Blackhole Exploit kit sites aiming universal Java, Flash and Reader developed to pollute victims with malware.

A Closer scrutiny of the unrefined e-mail directing the message was dispatched from Cutwail, a botnet tarnished for spamming out e-mail attached with malware or links to fake website. According to them, the Cutwail/Blackhole combination had been already blogged before. This kind of campaign is vintage Cutwail; we observe variations of this daily. The timing is supernatural; as recently it unconfined its general global security Report that concentrates Cutwail as a foremost distribution of malicious spam.

Trustwave observed that the obvious target of the campaign is the retail sector that would carry out PCI scans.

A spokesperson from Trustwave claims that it was the first time the company had been targeted, as said by Techworld.com dated February 25, 2013.

The security firm observes that Cutwail has been used in latest weeks to target brands e.g. Facebook, AT&T, Version and UPS- good enough standard for any phishing gang- although expanding to specialist security vendors is an interesting development.

Conclusively, these natural-looking malicious spams are a big threat. Organizations should be searching at various defensive layers to defend this threat, containing protected e-mail gateways, secure web gateways, antivirus, and last but not the least, user education, concludes the firm.

Related article: Trusted Websites Turn Green, Thanks To IE7

» SPAMfighter News - 3/8/2013