M86 Security and Kaspersky Lab are reporting on an ongoing Japan quake-themed spam campaign that leads to scareware and client-side exploits. Spammed using the Cutwail/Pushdo botnet, the campaign uses an event-based social engineering theme to trick users into clicking on the malicious links.
Upon clicking on the link, the user is exposed to client-side exploits, which ultimately drop a scareware variant.
Millions of users continue to click on links in spam emails.
Meanwhile, users are advised to browse the Web in a sandboxed environment, use least-privilege accounts, run NoScript for Firefox, and ensure that they are free of client-side exploitable flaws.