Today our lab has detected a flood of spam messages that contain a malicious link from which malware is downloaded. We’ve seen more than 8,000 in a few hours.
These emails have the following subjects:
Fw:
FW:
Re:
RE:FW:
Re:Fw:
RE:
The content of these messages is just a link to a website. The following are some examples:
http://anonym<blocked>files.reda.co.kr/archive0714/?id=email@domain.com
http://archiv<blocked>edv.kr/archive0714/?id=email@domain.com
http://filearch<blocked>redb.or.kr/archive0714/?id=email@domain.com
http://files.re<blocked>co.kr/archive0714/?id=email@domain.com
http://files4friend<blocked>s1e3eq.co.uk/archive0714/?id=email@domain.com
http://incogni<blocked>reda.ne.kr/archive0714/?id=email@domain.com
http://postca<blocked>yrxc.kr/archive0714/?id=email@domain.com
http://secretarc<blocked>redn.kr/archive0714/?id=email@domain.com
http://secretfi<blocked>yrxo.co.kr/archive0714/?id=email@domain.com
http://sendsp<blocked>yrxs.co.kr/archive0714/?id=email@domain.com
If you click the link included in the message, you’ll be redirected to a website that requires you to download and install a fake Flash Player update in order to view the website:
If you click the icon “Get Macromedia Flash Playerâ€, a file called UPDATE.EXE will be downloaded to the computer. This file is not the latest version of Flash Player but a Trojan detected as Sinowal.WWY, which is designed to obtain information, like passwords, usernames or other confidential information.
Pay attention to the emails you receive in your inbox and if any of them is like this, just delete it.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
