Cybercriminals are quick to capitalize on the Stratfor database leak, and are currently spamvertising malicious emails impersonating the company.
Researchers from Barracuda Labs have intercepted a malicious email campaign impersonating the company. The emails use the subject “Stratfor: Beware of false communications” and contain a PDF file that entices end users and corporate users into downloading an antivirus package (supposedly McAfee).
Detected as PWS-Zbot.gen.ry, the bogus antivirus package will harvest stored passwords from the infected hosts and send them back to the command and control server. Moreover, the malware will scan the local hard drive for .PDF, .XLS and .DOC files, and will upload them to a remote site, relying on the File Transfer Protocol (FTP).
Users are advised to avoid interacting with the emails, and immediately report them as spam/malicious.
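For mail administrators, the two traits reported above (the subject line and a PDF attachment) can be checked on quarantined or reported messages. The following is an added example, not code from Barracuda Labs or the original article; the function names, addresses and sample messages are constructed for illustration, and only the subject string comes from this page.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject reported on this page for the campaign.
LURE_SUBJECT = "stratfor: beware of false communications"

def _norm(text):
    """Lower-case and collapse whitespace so folded or padded subjects still match."""
    return re.sub(r"\s+", " ", text or "").strip().lower()

def pdf_attachments(msg):
    """Return names of attachments that look like PDFs by type, name or magic bytes."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        if (part.get_content_type() == "application/pdf"
                or name.lower().endswith(".pdf")
                or payload.lstrip().startswith(b"%PDF-")):
            found.append(name or "<unnamed>")
    return found

def triage(raw):
    """Return (is_suspect, pdf_names) for one raw RFC 5322 message."""
    # policy.default decodes RFC 2047 encoded-word subjects for us.
    msg = message_from_bytes(raw, policy=policy.default)
    subject_hit = LURE_SUBJECT in _norm(str(msg["Subject"] or ""))
    pdfs = pdf_attachments(msg)
    return (subject_hit and bool(pdfs)), pdfs

def build_sample(subject, filename, subtype, data):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = subject
    m.set_content("See attached notice.")
    m.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    raw = build_sample("Stratfor: Beware of false communications",
                       "notice.pdf", "pdf", b"%PDF-1.4 constructed")
    print(triage(raw))
```

The magic-byte check catches a PDF sent with a generic content type or a misleading file name; a subject match alone is not flagged, since legitimate warnings may reuse the phrase.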