Spam and phishing mail

Spam and the death of Osama bin Laden

As we mentioned in a previous blog post, every time there is news of global interest, cybercriminals try to exploit that interest for their own malicious purposes. The death of Osama bin Laden was no exception – it was used in spam as well as black hat SEO.

We have detected two spam mailings capitalizing on the news of Bin Laden’s death, both of which were used to distribute malware.

One included a password-protected ZIP archive. The message subject was: “pictures of osama bin laden dead?”

What is strange about the mailing is that the text was taken from a standard spam message which is supposedly sent by a girl who wants to introduce herself to a man and is asking him to have a look at pictures of her that are attached.

The archive contained malware detected by Kaspersky Lab products as Trojan-Dropper.MSIL.Pakes.b.

The other malicious mailing exploiting Bin Laden’s death included links supposedly to a video showing the moment he was killed.

The message was in Spanish and was designed to look like a news mailing from CNN News. However, instead of leading to the site of the well-known news service, links in the message took users to a page on a Russian domain which dropped Backdoor.Win32.Ruskill.v on the user’s machine.

Because a number of world events have been attracting the general public’s attention of late, spammers have increasingly been using ‘fake news’ to distribute malicious code.

I would like to urge users once again to be careful. Remember that your curiosity and carelessness could result in serious problems for your computer and the loss of personal data or even money.

Spam and the death of Osama bin Laden

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox