The first spam using the news of Osama Bin Laden’s death was seen in the wild within three hours of the event. Symantec reported this spam activity, along with other spam samples, in a blog post entitled “Osama Dead” is No Longer a Hoax. As anticipated, we started observing a rise in malicious and phishing attacks.
Phishing attacks usually target big brands. In one such phishing attack capitalizing on Bin Laden news, spammers targeted CNN Mexico. The spam email contains a link to bogus “photos and uncensored videos” and redirects users to a phishing site:
The phishing site shows an auto-running Bin Laden-related video in an iframe and asks the user to click on a link to download a “complete” video. Clicking on that link forces the download of an .exe file that is detected as Downloader:
Currently, our decoy probes are receiving multiple malicious spam samples in Portuguese, French, and Spanish. The links in these spam emails drop Downloader onto the victim’s machine, which in turn downloads the actual malware. Further analysis shows that most of these malicious attacks have originated from Brazil, Europe, and the U.S. Below are a few of the subject lines used in these malicious attacks, which refer to videos and photos of Osama Bin Laden:
Spammers are making an effort not only to push the messages into users’ inboxes, but also to get users to open and install the executable payload. Symantec provides multilayer protection (such as antispam, antivirus, and reputation services) to fend off these types of attacks. The links provided in the samples discussed above are tested in Norton Safe Web, which delivers Norton Warnings and a detailed threat report. Below is the Norton Safe Web report for one of the malware hosting domains:
Users should follow basic security practices and should not open any suspicious links or attachments received in unsolicited emails. Use message security and antivirus solutions from Symantec and frequently update your security software, which protects you from potential online viruses and scams.
Note: My thanks to Anand Muralidharan and Amit Kulkarni for contributed content.