No cause for celebration

Spammers were out in force for the USA’s Independence Day, celebrating the country’s diversity in all its glory, and illustrating Jefferson’s thesis that “all men…are endowed…with certain unalienable rights…Life, Liberty, and the pursuit of Happiness”.

First up was spam confirming the predictions of several security companies that cybercriminals would celebrate the holiday with a spam run spreading Waledac (which we detect as Iksmas). What could be more life-affirming than a firework display? Unfortunately, the spam, which contained links to a fake YouTube video of the 4th of July fireworks, also pushed malware onto victims' machines.

Next, the spammers exhorted recipients to celebrate freedom of choice by paying big bucks to a diploma mill:

And finally, why not pursue happiness by buying drugs online? This message linked to sites selling Xanax, Valium, Oxycontin and other prescription medications.

While you might get a temporary buzz (assuming the products are genuine) you may also find yourself with a nice little drug habit.

What price independence now?
