Cutwail drives spike in malicious HTML attachment spam

From Botnets.fr
Revision as of 21:57, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " labs.m86security.com" to "")

Botnet: Cutwail
Malware: Cridex
Exploit kits: Phoenix
Date: February 16th, 2012
Editor/Conference: M86 Security Labs
Link: http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/
Author: Rodel Mendrez

Abstract

Over the past month, we have observed several large spam campaigns with malicious HTML attachments. We believe the botnet behind these campaigns is Cutwail. Here is data we collected, starting from the first day of 2012, illustrating spikes of spam with malicious HTML attachments:

Attaching an HTML file to an email is a tactic we have seen used in phishing. But recently, attackers have spammed out large volumes of HTML attachments that include malicious JavaScript. Here is an example we received a few days ago: In the image above, we opened the message with the attached .HTM file using the Mozilla Thunderbird email client. Although Thunderbird rendered the HTML attachment, fortunately its default settings prevented the malicious JavaScript in the HTML source code from running. The Thunderbird user needs to click the attachment or open the HTML file in a browser for the JavaScript to run.
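The abstract describes the campaign's lure: an .htm/.html attachment whose embedded JavaScript only fires once the user opens the file in a browser. A mail gateway or triage script can flag such attachments before they reach the inbox. The following is an added example written for this page, not code from the M86 post: it parses a MIME message with Python's standard `email` library, picks out HTML attachments (by filename or declared type), and reports which script indicators they contain. The indicator patterns are the author's own heuristics, and the sample message, including its obfuscated `document.write(unescape(...))` redirect, is constructed for the example and is not a real sample from the campaign.

```python
"""Flag e-mail attachments that are HTML files carrying inline JavaScript.

Added example, not code from the M86 post. The indicator list is a set of
assumed heuristics, and the sample message below is constructed.
"""
import email
import re
from email import policy
from email.message import EmailMessage

# Assumed indicators of embedded or obfuscated script in an HTML attachment.
SCRIPT_PATTERNS = {
    "script_tag": re.compile(r"<script\b", re.IGNORECASE),
    "document_write": re.compile(r"document\.write\s*\(", re.IGNORECASE),
    "unescape": re.compile(r"\bunescape\s*\(", re.IGNORECASE),
    "eval": re.compile(r"\beval\s*\(", re.IGNORECASE),
    # Four or more consecutive %XX escapes: typical of unescape()-based packing.
    "hex_escape_run": re.compile(r"(?:%[0-9a-fA-F]{2}){4,}"),
    "fromcharcode": re.compile(r"String\.fromCharCode", re.IGNORECASE),
}

HTML_EXTENSIONS = (".htm", ".html")


def is_html_attachment(part) -> bool:
    """Treat a part as an HTML attachment if its filename ends in .htm/.html
    (attackers often mislabel the MIME type) or if it is an attached text/html."""
    filename = (part.get_filename() or "").lower()
    if filename.endswith(HTML_EXTENSIONS):
        return True
    return (part.get_content_type() == "text/html"
            and part.get_content_disposition() == "attachment")


def scan_html(content: str) -> list:
    """Return the names of the script indicators present in an HTML document."""
    return [name for name, rx in SCRIPT_PATTERNS.items() if rx.search(content)]


def scan_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and return (filename, indicators) for every
    HTML attachment that contains script. A plain HTML body that is not an
    attachment is deliberately not reported."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        if not is_html_attachment(part):
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "latin-1"
        hits = scan_html(payload.decode(charset, errors="replace"))
        if hits:
            findings.append((part.get_filename() or "<unnamed>", hits))
    return findings


def build_sample() -> bytes:
    """Constructed sample: an invoice lure with an attached .htm whose script
    writes a percent-encoded redirect into the page. Not real malware."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please see the attached invoice.")
    html = (
        "<html><body><script>"
        "document.write(unescape('%3Cscript%3Ewindow.location%3D%22http%3A%2F%2F"
        "example.invalid%2F%22%3C%2Fscript%3E'));"
        "</script></body></html>"
    )
    msg.add_attachment(html, subtype="html", filename="invoice_2012.htm")
    return bytes(msg)


def build_benign_sample() -> bytes:
    """Constructed control: an HTML body with no attachment, which must not be flagged."""
    msg = EmailMessage()
    msg["From"] = "newsletter@example.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Weekly news"
    msg.set_content("<html><body><p>Hello</p></body></html>", subtype="html")
    return bytes(msg)


if __name__ == "__main__":
    for name, hits in scan_message(build_sample()):
        print(f"{name}: {', '.join(hits)}")
    print("benign:", scan_message(build_benign_sample()))
```

The scanner keys on disposition and filename rather than on the declared MIME type alone, because a spammer controls the Content-Type header; it also ignores the rendered HTML body so that ordinary HTML newsletters do not trip it. As with any pattern list, this catches the packing style the abstract describes, not every possible obfuscation.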

Bibtex

 @misc{2012BFR901,
   editor = {M86 Security Labs},
   author = {Rodel Mendrez},
   title = {Cutwail drives spike in malicious HTML attachment spam},
   day = {16},
   month = feb,
   year = {2012},
   howpublished = {\url{http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/}},
 }