WhatsApp-themed spam campaign delivers malware
Posted on 16.12.2013
A new WhatsApp-themed spam campaign has been spotted targeting users of the popular IM service.

The spam email claims to be a notification about a voice message someone left for the recipient:


"The e-mail looks legit, and even the link is formed to make it look like a voicemail link with the little '/play' ending," points out SANS ISC CTO Johannes Ullrich.

But the thing that fascinated him the most is that the executable offered for download is adjusted to show a phone number that matches the location of the IP address from which the e-mail is downloaded from.

For example, downloading it from a computer located in his home got him VoiceMail_Jacksonville_(904)458abcd.exe, and from a server in Wayne, Pennsylvania resulted in VoiceMail_Wayne_(610)458abcd.exe (the last four digits have been obfuscated).

The file contains a spyware variant that is currently detected by only 8 out of the 49 AV solutions used by VirusTotal.

Another interesting thing is that, once run, the malware triggers Windows' Notepad and the text file contains the following notification: "Unknown ERROR! Please wait and try again later"

This is likely done to make users believe that the file they've tried to open is corrupted and can't be opened, and to prevent them to become suspicious and search for covertly installed malware.









Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Mon, Sep 22nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //