Tuesday, March 13, 2012

"Bad Photo" Spam Now Using Malicious Links

Bad Photo SpamSince the beginning of March, we have been monitoring a “bad photo” spam campaign attempting to infect user PCs with malware.

For the most part, the messages were fairly similar to one another – the subject line either asked if it was you in the photo or hinted that the photo was sent by an ex, the body of the email carried a dose of morbid humor and an attached zip file named “photo.zip” contained the Gamarue.B worm.

However, judging from the spam email we received this morning, it appears as though the bad guys behind this spam campaign have opted to begin using malicious links in lieu of file attachments:
Subject: You have to explain yourself, this is really serious
From: Abbie Abdur (AleeshaAbbassi[at]mail.com)

Sorry to disturb you [EMAIL],
Can you provide any sort of explanation for this?? Where did you get my pictures u sent me in this email? You know that I can sue you for that??? Your crap is in the there: hxxp://bj04.com/myimg/?IMG1575.jpg

(Warning: Do NOT visit the URL included above.)

Should a recipient click the link, they will be redirected to a malicious site housing the Blackhole Exploit Kit,  which will attempt to exploit two system vulnerabilities – one in Adobe Reader (CVE-2010-0188) and the other in Windows Help & Support Center (CVE-2010-1885) – both of which could open a backdoor on the target machine and grant an attacker remote access. All of this will happen silently in the background as the end-user is shown the following message: "Please wait page is loading..."

If you receive any “bad photo” spam message similar to the ones we’ve previously outlined, it’s strongly advised that you:

  • Do NOT click any embedded links.

  • Do NOT download or open any attached files.

  • Delete the messages immediately

Additionally, it may also prove worthwhile to check out a previous blog post on how to spot a malicious image link. It could save you from clicking on a dangerous link posing as a harmless image link (like the one in the spam email) in the future.

Stay safe, everyone!

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+.

No comments:

Post a Comment