High-profile death spawns malware-laden email

Monday, April 15, 2013

After news of former British Prime Minister Margaret Thatcher's death, it didn't take long for cybercriminals to start exploiting people with hoax emails laced with malware. A news source said one email contained a link that supposedly directed to news of Thatcher's death; however, it was found that the link actually led to a website with malware. Specifically, users would be exposed to the Blackhole exploit kit, which is designed to infect users through browsers.

"In a feeble attempt to further convince potential victims that the link is safe, the subject of such emails often begins with a 'Fwd:' or 'Re:' prefix to make the message appear as if it's part of an ongoing conversation with a friend or other trusted contact," the report said. "In this case, the subject line reads 'Fwd: Re: Kissinger: Thatcher's Strong Beliefs' and contains a nearly identical link inside."

The test in this case found that the Blackhole malware installed the Cridex Trojan, which has become well-known for cracking CAPTCHA codes. This type of attack is referred to as a "drive-by download," in which computers are infected as soon as they visit an infected page. Similar scam emails, for example, have had subject lines relating to popular TV shows, North Korea and other high-profile events to trick users into blindly clicking on a link.

When receiving any kind of link in an email, check where it directs to before clicking on it. This can be done by hovering the cursor over the link. If a suspicious or unknown URL comes up, the link may lead to a malware-laced website. Security solutions also exist that can scan links within email for malware so that users are protected regardless of whether they click or not.

Be smart online to avoid malware
Justin Phelps wrote on PCWorld that the best way to prevent any kind of attack from malware is to practice vigilance whenever using the internet.

"Do not trust anything associated with a spam e-mail," he wrote. "Approach e-mail from people you know with caution when the message contains links or attachments. If you are suspicious of what you are being asked to view or install, don't do it."
