Popular brands impersonated in latest malware campaign

Popular brands impersonated in latest malware campaign

Summary: Multiple vendors are reporting on a currently ongoing scareware and client-side exploits serving, spam campaign, impersonating Best Buy, Chase, Macy's, Target.com and Evite.

SHARE:

Multiple vendors are reporting on a currently ongoing scareware and client-side exploits serving, spam campaign, brand-jacking Best Buy, Chase, Macy's, Target.com and Evite.

The payments-themed campaign is enticing users into clicking on on a malicious link which attempts to exploit client-side vulnerabilities targeting Java, Acrobat Reader etc. in between loading a scareware-serving page (antivirus_24.exe), tricking users into thinking they're infected with malware.

Sample subjects include:

  • "Thank you for scheduling your online payment"
  • "Thank you for your payment"
  • "Thanks for planning your event with Evite"
  • "Your Target.com order has been shipped"
  • "Thank You, Your Anti-Virus Protection Plan has been renewed"

This campaign is directly related to last month's "Malware Watch: Malicious Amazon themed emails in the wild" campaign, as well as to the Xerox WorkCentre Pro scanned document themed campaign, with both campaigns managed by the same cybercriminals.

Windows users are advised to keep their 3rd party applications and browser plugins up-to-date, use least privilege accounts, securely handle active content, or completely isolate their Internet activities, in order to mitigate a huge percentage of the risk posed by such attacks.

Image courtesy of WebSense.

Topics: Collaboration, Malware, Security, Social Enterprise

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion