Revision as of 16:23, 7 February 2015
Cutwail drives spike in malicious HTML attachment spam | |
---|---|
Botnet | Cutwail |
Malware | Cridex |
Exploit kits | Phoenix |
Date | 2012 / February 16th, 2012 |
Editor/Conference | M86 Security Labs |
Link | http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/ |
Author | Rodel Mendrez |
Abstract
“Over the past month, we have observed several large spam campaigns with malicious HTML attachments. We believe the botnet behind these campaigns is Cutwail. Here is data we collected, starting from the first day of 2012, illustrating spikes of spam with malicious HTML attachments:

Attaching an HTML file to an email is a tactic we have seen used in phishing. But recently, attackers have spammed out large volumes of HTML attachments that include malicious JavaScript. Here is an example we received a few days ago:

In the image above, we opened the message with the attached .HTM file using the Mozilla Thunderbird email client. Although Thunderbird rendered the HTML attachment, fortunately its default settings prevented the malicious JavaScript in the HTML source code from running. The Thunderbird user needs to click the attachment or open the HTML file in a browser for the JavaScript to run.”
Bibtex
@misc{2012BFR901,
  editor = {M86 Security Labs},
  author = {Rodel Mendrez},
  title = {Cutwail drives spike in malicious HTML attachment spam},
  date = {16},
  month = Feb,
  year = {2012},
  howpublished = {\url{http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/}},
}