Today’s Malware Watch features two spamvertised malware campaigns, a malicious mobile application, and a case where an Ambulance dispatch system got infected with malware, resulting in system downtime.
- Localized and spamvertised malware campaing - According to Sophos Labs a currently spamvertised malware campaign is enticing the end user into downloading and decrypting a password-protected archive in order to obtain the non-existent pictures.
- A second spamvertised campaign is relying on bogus Federal Deposit Insurance Corporation (FDIC) notices sent with malicious PDF files attached. In terms of QA (Quality Assurance), this campaign demonstrates a good example of what happens when QA is not in place. For instance, although image attached says the email is from the FDIC, the actual subject claims to be a United Parcel Service notice.
- Just in time for Saint Valentine’s day, cybercriminals have started distributing love_mms.rar. According to Microsoft’s Malware Protection Center, once infected, the mobile malware will start sending SMS messages to premium Russia based number in order to generate revenue for the cybercriminals.
- According to Australia’s ABC News, an ambulance dispatch system got infected with malware, with the staff switching to manual mode for accepting calls. The situation with the CAD systems is now resolved. “Our two biggest centres, in Newcastle and Sydney, were brought back online yesterday afternoon, Mr Willis said. Overnight our centre at Dubbo has also been brought back online and our final and remaining centre at Wollongong it is anticipated it will be up and running later this morning.“
Users are advised to browse the Web in isolated environments, and ensure their PCs are free of client-side vulnerabilities. Mobile device users are advised to exercise extra caution when downloading Saint Valentine themed applications, and related files that may be attached to the emails.
See also:
- Malware Watch: Rogue Facebook apps, fake Amazon orders, and bogus Adobe updates
- Malware Watch: iTunes gift certificates, Skype worm, fake CVs and greeting cards
- Malware Watch: Malicious Amazon themed emails in the wild
- Malware Watch: Skype exploit, Skype-themed malicious spam campaigns detected
- Malware Watch: Adobe zero day attack, malicious FIFA-themed spam, exploit serving Virus Alerts
- Malware Watch: Twitter password reset emails, IRS-themed crimeware, malicious PDFs, and fake YouTube pages
- Malware Watch: Fake Patch Tuesday emails, fake MSRT tool, spamvertised Bredolab, Android mobile malware
