This chart represents email-borne virus and malware activity blocked by AppRiver filters during the month of August. In 2009, we saw a large spike of email-borne malware during the months of September, October and November. It looks like malware senders are off to an early start in 2010, as we have already quarantined more than 140 million viruses during the past month alone. This is the highest level we have seen since 2009.

Early yesterday morning we began seeing a large malware campaign using fake headlines of celebrity deaths to pique interest. The message blast started at about 4am, and within the first few hours the messages were coming in at rates of over 100,000 per hour. The messages claimed to be breaking news that a certain celebrity had died in a car crash.
Here is a look at one of the messages:
File name: CNN Hot News.zip (contains .exe by the same name)
Subject: Utilizes different celebrity names that do not always match the one in the message body
Here is a look at the traffic pattern for this campaign:

In all we have blocked 658,337 of these messages since we started seeing them on 8/25. They seem to have slowed to only a trickle at this point, which is typical for a big virus push: senders will blast out one campaign for 12-24 hours, after which the attack vector becomes stale and they move on to the next one. Since we know that cybercriminals are always eager to take advantage of big news stories by sending out fake news alerts that often contain malware, it is not surprising to see them creating their own headlines.
The messages all carry CNN Hot News.zip (106 KB), which contains the .exe file. The attached file is malicious and is a recent variant of a “downloader” that we have been seeing quite a bit lately. A downloader will simply open a backdoor on the target machine that can be used in the future to install one or more types of malware.
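The attachment pattern described above (a .zip whose only payload is an .exe of the same name) can be checked at the mail gateway without extracting anything. The following is an added example, not AppRiver's filter code; the function names and the extension list are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions treated as directly executable on Windows (assumed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

def executable_members(zip_bytes):
    """Return names of archive members whose final extension is executable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()  # reads the directory only, extracts nothing
    except zipfile.BadZipFile:
        return []  # not a readable zip; leave it to other filter stages
    return [n for n in names
            if PurePosixPath(n.replace("\\", "/")).suffix.lower() in EXECUTABLE_EXTS]

def scan_message(raw):
    """Return [(zip name, executable members, same_stem)] for flagged zips."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if not fname.lower().endswith(".zip"):
            continue
        hits = executable_members(part.get_payload(decode=True))
        if hits:
            # same_stem: the executable is named after the archive itself
            stem = PurePosixPath(fname).stem.lower()
            same = any(PurePosixPath(h).stem.lower() == stem for h in hits)
            findings.append((fname, hits, same))
    return findings

def build_sample():
    """Constructed sample message; the .exe member is placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("CNN Hot News.exe", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "Breaking news (constructed sample)"
    msg["From"] = "sender@example.com"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="CNN Hot News.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Because the subject lines rotate between celebrity names, the archive contents are a more stable thing to match on than the headline text.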
