Within the last few days, Commtouch Security Labs saw lots of malware campaigns of the same or at least a very similar type. The emails and notifications were sent in the name of big companies and brands. For further information the recipient should visit a certain website or open the email’s attachment – both ways led to malware.
Apple Store Gift Card
Today’s attack with the subject “Apple Store Gift Card” has a virus attachment as well as a malicious link in the message body. It is being detected by eight antivirus engines at the moment.
The included URL leads to a compromised site which has links to two different JavaScript imports on other compromised servers. These scripts redirect to a third level, where the actual malicious code is hosted. The final redirection analysis by VirusTotal shows that the site is already listed as malicious by a few vendors.
Notifications by UPS and MoneyGram
On Tuesday Commtouch detected a virus outbreak with fake notifications from UPS, subject: “UPS parcel notification”.
Both the included link and the attached zip document led to a trojan (Commtouch: W32/Trojan.HATG-6756).
At the same time there has been another fake notification campaign in the name of DPD, a big logistics company in Germany, written in German and targeting German users:
It has almost the same content as the UPS samples: the addressee is informed about the exact delivery time of a supposed consignment. In case they cannot make it, they have the chance to reschedule the time by using the attached form (zip document) – which contains malware as well.
On Monday Commtouch reported a virus outbreak with fake notifications sent by MoneyGram:
In some of the samples Commtouch Security Labs saw, the transaction sum varied a bit – comparable to the varying amount of the Apple Store Gift Cards ($300 versus $200).
Spammers love to recycle
These campaigns, which look different at first sight, show that spammers are interested in “recycling” their malware – in all cases the URL links and malicious attachments lead to the same type of trojan. They just choose new subjects and brands. The fact that comparable malware campaigns are targeted at different countries and regions at the same time supports the result of Commtouch’s Q2 Internet Threats Trend Report: the strong increase in regionalized malware distribution.
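One way a mail gateway team can surface this kind of recycling is to group quarantined messages by attachment hash and report any payload that arrives under more than one subject. The sketch below is an added example, not Commtouch's tooling. The sample messages, addresses, file names and the MoneyGram subject are constructed, and it assumes the recycled attachment is byte-identical (a repacked payload would need the AV detection name or a fuzzy hash as the grouping key instead).

```python
import hashlib
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage


def build_sample(subject, filename, payload):
    """Build a constructed test message with one zip-named attachment."""
    msg = EmailMessage()
    msg["From"] = "notify@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = subject
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application", subtype="zip",
                       filename=filename)
    return msg.as_bytes()


def attachment_digests(raw):
    """Return (subject, [sha256 of each attachment]) for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    digests = [
        hashlib.sha256(part.get_payload(decode=True)).hexdigest()
        for part in msg.iter_attachments()
    ]
    return str(msg["Subject"]), digests


def recycled_payloads(raw_messages):
    """Map digest -> sorted subjects, kept only when several subjects share it."""
    seen = defaultdict(set)
    for raw in raw_messages:
        subject, digests = attachment_digests(raw)
        for digest in digests:
            seen[digest].add(subject)
    return {d: sorted(s) for d, s in seen.items() if len(s) > 1}


# Constructed samples: harmless placeholder bytes stand in for the attachments.
SHARED = b"constructed-placeholder-A"
SAMPLES = [
    build_sample("Apple Store Gift Card", "card.zip", SHARED),
    build_sample("UPS parcel notification", "label.zip", SHARED),
    build_sample("MoneyGram transfer", "receipt.zip", b"constructed-placeholder-B"),
]

if __name__ == "__main__":
    for digest, subjects in recycled_payloads(SAMPLES).items():
        print(digest[:16], subjects)
```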