Endpoint Protection

While everyone is still in shock from Monday's 6.3-magnitude quake in Italy, spammers are unfortunately capitalizing on this event.

Not long ago, we monitored an inbox burst with a fake news headlines focusing on Hollywood celebrities, popular politicians and current events which spread malware through attachments.

Sample subject lines were:

• “Britney Spears Overdose”
• “Lindsay Lohan crashes brand new Lamborghini”
• “Beijing Olympics cancelled upon the death of China's president”
• “Obama bows out of presidential race.”

Sample headers and body text:

Sample 1

attachment filename= "never.exe"
From: <xxxxxxxxxx@xxxxxxxxx.xxxx>
Subject: URG

President Bush DEAD! Read attached file!

Sample 2

attachment filename= "a.exe"
From: <xxxxxxxxxx@xxxxxxxxx.xxxx>
Subject: Incredible news!

President Putin dead! Read more in attached file!

Sample 3

attachment filename= "latest news.exe"
From: <xxxxxxxxxx@xxxxxxxxx.xxxx>
Subject: ATTN TO EVERYBODY!

Nuclear War in Russia! Read news in file!

Spammers still favor this type of social engineering technique, playing on users’ curiosity. Spammers use current events and news headlines to trick readers into installing malware. Recipients should be vigilant in protecting themselves against this type of spam.

Today, we observed scam emails sent from randomized email accounts with Italy quake news subject lines.

We see one randomized text line in the body that has no relation to its subject sent to random email lists.

Although there are no malicious attachments found in this type of scam, spammers could still validate active email accounts when recipients open their email or system bounce notifications for inactive account lists.

The following are sample subject lines observed today:

• “A glance at towns damaged by quake in Italy”
• “Quake-prone Italy lags in quake-proofing buildings”
• “A glance at victims and damage in Italy's quake”
• “Scientist Claims He Predicted Italy Quake”
• “Italy seeks survivors, prepares to bury quake dead”