Spammers Cast Email Snares for Holiday Shoppers

2014-12-03 23:00

ThreatTrack Security Labs recently identified some unsurprising holiday shopping threats via a seasonal malware delivery ploy: malicious holiday shopping spam.

This particular campaign targeted customers of major retailers with a Thanksgiving Day message, but it would be best to stay on guard for similar ploys throughout the holiday season as predicted recently.

Retailers impersonated in the campaign include Best Buy, Target, Costco, Kroger and Home Depot, such as those reported over at TechHelpList.

Email text:

E-shop Best Buy has received an order addressed to you which has to be confirmed by the recipient within 4 days.

Upon confirmation you may pick it in any nearest store of Best Buy.

Detailed order information is attached to the letter.

Wishing you Happy Thanksgiving!

Best Buy

The spam email entices recipients to click on a link to see further information about their order. This malicious link downloads a fake “order information” zip file, which contains the Asprox/Kuluoz exe Trojan.

Sample malicious links:

  • hxxp://kapsourcing.com/blog.php?dp=HjfXKcld9XbxdykcP5puw…
  • hxxp://lannasilvercm.com/user.php?dp=eH/E/JhqQkx/0pMOLyLb…
  • hxxp://osmani.net/diff.php?dp=d5EqMyV3VXak6ztsgq77vgBD…
  • hxxp://perpersoon.com/help.php?dp=dg346+8NzWHY0EDkIkdXZA7X…
  • hxxp://reebate.com/pm/file.php?dp=VooGqDfxFP85tietLum2…
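
The five sample links share one shape: a `.php` page with a single `dp` parameter carrying a base64-like value. As an added example (not from the original post or from ThreatTrack), this Python code flags that shape in web proxy logs; the log layout, the `MIN_LEN` threshold and the example hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption drawn only from the five samples above: a .php path and a single
# "dp" query parameter whose value uses the base64 alphabet. MIN_LEN is a
# hypothetical tuning threshold, not a value from the original post.
B64_VALUE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")
MIN_LEN = 16

def refang(url):
    """Undo the hxxp:// defanging used in reports so the URL parses."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)

def matches_dp_pattern(url):
    """True if url looks like <host>/<path>.php?dp=<base64-like value>."""
    parts = urlsplit(refang(url))
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    if not parts.path.lower().endswith(".php"):
        return False
    # Split the raw query by hand: parse_qs would turn '+' into a space
    # and corrupt the base64 alphabet check.
    params = [p.partition("=") for p in parts.query.split("&") if p]
    if len(params) != 1:
        return False
    name, _, value = params[0]
    value = value.rstrip("…")  # tolerate values truncated in written reports
    return name == "dp" and len(value) >= MIN_LEN and bool(B64_VALUE.match(value))

def scan_proxy_log(lines):
    """Yield (client, url) for log lines whose URL field matches the pattern.
    Expects the constructed 'timestamp client method url status' layout below."""
    for line in lines:
        fields = line.split()
        if len(fields) >= 4 and matches_dp_pattern(fields[3]):
            yield fields[1], fields[3]

# Constructed sample log lines (hosts are reserved example domains).
SAMPLE_LOG = [
    "2014-11-27T09:14:02Z 10.0.0.21 GET http://shop.example.com/cart.php?id=42&dp=1 200",
    "2014-11-27T09:15:40Z 10.0.0.35 GET http://blog.example.net/help.php?dp=QUJDREVGR0hJSktMTU5PUFFSU1Q= 200",
    "2014-11-27T09:16:11Z 10.0.0.35 GET http://www.example.org/index.html 200",
    "2014-11-27T09:17:05Z 10.0.0.48 GET http://cdn.example.com/a/file.php?dp=ab+cd/ef0123456789XYZ 200",
]

if __name__ == "__main__":
    for client, url in scan_proxy_log(SAMPLE_LOG):
        print(f"possible Asprox/Kuluoz-style download link: {client} -> {url}")
```

A match is a lead for triage rather than a verdict, since legitimate sites can also use a `dp` parameter.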

VIPRE Antivirus detects this particular strain as Trojan.Win32.Kuluoz.cnyj (v).

The zip file adds an additional layer of deception: an IP lookup determines the recipient’s area, and his/her city name is used in the filename of the zip.

When opened, the Trojan connects the user’s PC to the Asprox botnet.

Once infected, a victim’s PC can be used for whatever function the threat actor intends. Common uses include:

  • ad fraud
  • stealing passwords
  • sending more malware spam

Shop Secure

The Department of Homeland Security has a great post on how to stay safe online this holiday season. Some of their suggestions include:

  • Use and maintain anti-virus software and a firewall. Protect yourself against viruses and Trojan horses that may steal or modify the data on your computer and leave you vulnerable.
  • Shop on reliable websites. Take a look at the website’s trademark or logo to make sure it’s valid. Also, pay attention to the website’s URL. Malicious websites may look identical to a legitimate website, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • Look for the lock. When shopping online, check the lower-right corner of your screen for the padlock symbol and make sure the website address begins with “https://” before entering your shipping, billing, or payment information. This symbol means that you’re using a website that is secure and which encrypts the data you send or receive.

Credit: ThreatTrack Security Labs Malware Researchers Matthew Mesa and Robert Stetson

The post Spammers Cast Email Snares for Holiday Shoppers appeared first on ThreatTrack Security Labs Blog.
