Happy New Year, everyone! Despite the lack of blog updates over the Holidays, we continued to intercept malicious campaigns over the same period of time, proving that the bad guys never take holidays. In this post, I’ll profile two prolific, social engineering driven type of malicious spam campaigns that we intercepted over the Holiday season, and naturally (proactively) protected you from.
The first campaign successfully impersonates Adobe’s License Service Center, in an attempt to trick users into thinking that they’ve successfully purchased a Creative Suite 6 Design Standard software license key.
Sample screenshot of the first spamvertised campaign:
Detection rate for the spamvertised attachment: MD5: 10dbbaaceda4dce944ebb9c777f24066 – detected by 40 out of 48 antivirus scanners as TrojanDownloader:Win32/Kuluoz.D.
The second campaign, attempts to trick users into thinking that they’ve received a notice to appear in court.
Sample screenshot of the spamvertised attachment:
Detection rate for the spamvertised attachment: MD5: c77ca2486d1517b511973ad1c923bb7d – detected by 38 out of 47 antivirus scanners as TrojanDownloader:Win32/Kuluoz.D; Backdoor.Win32.Androm.bket.
Once executed the sample phones back to:
hxxp://220.127.116.11/798475540DFA75FE5945D24FA5CBF9A5578EB29359 (picasa.com.fidelidadeciel0.com is also known to have responded to 18.104.22.168)
Webroot SecureAnywhere users are protected from these threats.