Many of the malicious attachments in February’s spam came in emails allegedly sent by women who wanted to make new friends in the run-up to Valentine’s Day. Some attackers went even further, trying to hook recipients with the promise of explicit photos in archives attached to the messages. There were also more conventional malicious mass mailings posing as notifications from popular social networking sites, including Facebook.
Altaf Halde, Managing Director, Kaspersky Lab – South Asia, said, “Spammers are becoming more intelligent in masking their messages under the garb of offering something genuine to the recipients – be it Valentine’s Day discount or news about Ukraine, etc. And once unsuspecting users have clicked or downloaded the email attachment, Trojans are downloaded without the user’s knowledge, which are capable of stealing data or even holding the data at ransom (encrypting the data and demanding money to decrypt the data, like CryptoLocker). Internet users in India should start taking their digital security seriously. With the number of threat vectors increasing alarmingly along with the rise of cybercriminal activities, it is imperative that Internet users in India protect themselves with genuine Internet Security or Anti-Virus software. With regard to spam, the government should initiate spam laws that will deter spammers from making India their safe havens.”
February’s love-themed malicious spam was dominated by Trojans, as the cybercriminals’ mass mailings targeted credulous users with a Trojan-Dropper. The Trojan installs two malicious programs on the system: one is spyware that steals all document files (*.docx, *.xlsx, *.pdf) from the computer and sends them to a specific mailbox; the other is an IRC bot/worm called ShitStorm, which can carry out DDoS attacks on websites and spread copies of itself via MSN and P2P services. If recipients respond to this sort of email, their computer can easily become part of a botnet. In addition to Trojan spyware, this month’s malicious spam included ransomware, a type of malware that blocks the user’s computer and then demands money to unblock it. The explicit photos also turned out to be malicious programs, among them the Andromeda backdoor, which allows cybercriminals to secretly control a compromised computer.
Yet another malicious program was spread through fake notifications from major social networking sites. Messages allegedly sent on behalf of Facebook informed recipients that a lot had happened on friends’ news feeds since they last visited the site and prompted them to open the attached archive to find out more. The archive contained the backdoor from the aforementioned Andromeda family.