The payments-themed campaign entices users into clicking on a malicious link, which attempts to exploit client-side vulnerabilities in Java, Acrobat Reader, etc., while loading a scareware-serving page (antivirus_24.exe) that tricks users into thinking they're infected with malware.
Sample subjects include:
- "Thank you for scheduling your online payment"
- "Thank you for your payment"
- "Thanks for planning your event with Evite"
- "Your Target.com order has been shipped"
- "Thank You, Your Anti-Virus Protection Plan has been renewed"
This campaign is directly related to last month's "Malware Watch: Malicious Amazon themed emails in the wild" campaign, as well as to the Xerox WorkCentre Pro scanned document themed campaign, with both campaigns managed by the same cybercriminals.
Windows users are advised to keep their third-party applications and browser plugins up to date, use least-privilege accounts, securely handle active content, or completely isolate their Internet activities, in order to mitigate a huge percentage of the risk posed by such attacks.
Image courtesy of WebSense.