The spam email in question is a fake “You received a voice mail” notice that offers both a malicious link and a malicious attachment.
The latter holds a variant of the Upatre Trojan, which downloads and installs a Zeus Trojan variant. As recently noted, the Upatre downloader is a favorite tool of the Cutwail botmasters, who were previously using Blackhole almost exclusively.
“Long term, it’s unclear what this indicates. It may mean that attackers are turning to another exploit kit to replace BHEK as a long-term solution, but we cannot say for sure,” the researchers concluded.
On the other hand, this malicious spam campaign might also indicate that at least some peddlers are not very prompt when it comes to reacting to changed circumstances, or do not care that much and simply choose to rely on users downloading the attached malware.