Cutwail drives spike in malicious HTML attachment spam
(Publication) Google search: [1]
| Cutwail drives spike in malicious HTML attachment spam | |
|---|---|
| |
| Botnet | Cutwail |
| Malware | Cridex |
| Botnet/malware group | |
| Exploit kits | Phoenix |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| CCProtocol | |
| Date | 2012 / February 16th, 2012 |
| Editor/Conference | M86 Security Labs |
| Link | http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/ (Archive copy) |
| Author | Rodel Mendrez |
| Type | |
Abstract
“ Over the past month, we have observed several large spam campaigns with malicious HTML attachments. We believe the botnet behind these campaigns is Cutwail. Here is data we collected, starting from the first day of 2012, illustrating spikes of spam with malicious HTML attachments:
Attaching an HTML file to an email is a tactic we have seen used in phishing. But recently, attackers have spammed out large volumes of HTML attachments that include malicious JavaScript. Here is an example we received a few days ago: In the image above, we opened message with the attached .HTM file using the Mozilla Thunderbird email client. Although Thunderbird rendered the HTML attachment, fortunately its default settings prevented the malicious JavaScript in the HTML source code from running. The Thunderbird user needs to click the attachment or open the HTML file in a browser for the JavaScript to run.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR901,
editor = {M86 Security Labs},
author = {Rodel Mendrez},
title = {Cutwail drives spike in malicious HTML attachment spam},
date = {16},
month = Feb,
year = {2012},
howpublished = {\url{http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/}},
}