Spam and phishing mail

Tomorrow’s spam – today

Geocities.com has been gone for a month now, and you’d have thought the spammers would be missing it. But one of the messages we got today shows that on the contrary, the spammers are looking forward to the future.

Here’s the message we got today – with tomorrow’s date on it. As most people configure their mail client to sort incoming messages by date, putting a future date on an email will ensure maximum visibility by putting it right at the top of the inbox.
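One way a mail filter can catch this trick is to compare the sender-supplied Date header with the timestamp your own mail server stamped into the topmost Received header. The sketch below is an added example, not code from the original post; the sample messages, the `date_skew` name and the one-hour tolerance are assumptions made for illustration.

```python
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message (not taken from the post): the Date header
# claims a time almost a day later than the receiving server's stamp.
FUTURE_DATED = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id ABC123;
\tThu, 26 Nov 2009 09:15:02 +0000
Date: Fri, 27 Nov 2009 09:14:55 +0000
From: sender@example.net
To: user@example.org
Subject: Work from home

body
"""

# Same constructed message with a Date header that matches the delivery time.
NORMAL = FUTURE_DATED.replace("Date: Fri, 27 Nov", "Date: Thu, 26 Nov")


def date_skew(raw, tolerance=timedelta(hours=1)):
    """Return (skew, is_future_dated) for a raw RFC 5322 message.

    skew is the sender's claimed Date minus the timestamp in the topmost
    Received header. Assumption: that header was added by your own server,
    so its clock is the trusted one. Returns (None, False) when either
    value is missing, unparsable, or lacks a usable time zone.
    """
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    if not received or msg["Date"] is None:
        return None, False
    try:
        claimed = parsedate_to_datetime(msg["Date"])
        # The Received timestamp follows the last ';' in the header value.
        stamped = parsedate_to_datetime(received[0].rpartition(";")[2].strip())
    except (TypeError, ValueError):
        return None, False
    if claimed.tzinfo is None or stamped.tzinfo is None:
        return None, False  # "-0000" or no zone: skew cannot be trusted
    skew = claimed - stamped
    return skew, skew > tolerance
```

A filter could raise the spam score for flagged messages, and a mail client could sort by the Received timestamp rather than the Date header so that a forged date no longer decides inbox position.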

The links in these messages lead to new Twitter accounts, which in turn link to a site that looks very much like a news portal. But the only working links on that site reference making money by working from home.

The account shown above also has tweets with links to typical Viagra and weight loss sites. It’s clear that spammers may be moving with the times by changing the tools they use, but they haven’t changed their message. And why should they, as long as there’s profit to be made?
