
22.10.09

Malware in mail administrator’s garb

Phishers have begun employing spam using the system or mail administrator’s name to wreak havoc on companies’ computers and servers.

If you receive a mail from your system or mail administrator asking you to upgrade your system software due to a recent server upgrade, be careful. Phishers have started sending spam in the system administrator’s name to target employees in the IT and banking sectors, who largely work on computers.

When a server is upgraded, clients need to be updated or upgraded. Using this modus operandi, phishers have started sending spam in the name of system or mail administrators of the same company or organisation. The Computer Emergency Response Team, India (CERT-In) has recently posted an alert that a new wave of spam emails, purportedly arriving from the organisation’s system/mail administrators or tech-support team, is being widely circulated.

These ‘highly personalised’ spam mails alert users to update/upgrade system software due to a recent server upgrade and include a URL or ZIP attachment. They urge users to click on the URL or open the attached ZIP file and execute it to update. Some of the attached/downloaded malware is detected as ZBot/Cutwail variants.

The email message spoofs the sender address so that the sender looks like ‘tech-admin/support@organisation-domain-name’, and the links have this format: http://updates.organisation-domain.secure.some-domain/mail/id=-legitimateemail@organisation-domain.com-patch407574.exe

To make it more convincing, the victim’s domain name is used as a sub-domain of the link’s host and appears throughout the message body along with the victim’s e-mail address.
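The link format described above can be checked mechanically at a mail gateway or during triage. The following is an added example, not code from the article or from the CERT-In alert: the function names, the organisation domain example.org, the host attacker.test and the recipient alice@example.org are all constructed for illustration, and treating .zip links like .exe links is an assumption.

```python
import re
from urllib.parse import urlsplit, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def lure_indicators(url, org_domain, recipient):
    """Return which traits of the described lure link format this URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    org = org_domain.lower().strip(".")
    tail = unquote(parts.path + "?" + parts.query).lower()
    found = set()
    # The organisation's domain appears as labels inside a host it does not own.
    owned = host == org or host.endswith("." + org)
    if not owned and f".{org}." in f".{host}":
        found.add("org-domain-as-subdomain")
    # The recipient's own address is embedded in the link to personalise it.
    if recipient.lower() in tail:
        found.add("recipient-address-in-url")
    # The link points straight at an executable (or, by assumption, a ZIP) "patch".
    if re.search(r"\.(exe|zip)$", unquote(parts.path).lower()):
        found.add("executable-download")
    return found

def scan_message(body, org_domain, recipient):
    """Return (url, indicators) for every URL in body that shows any trait."""
    hits = []
    for match in URL_RE.finditer(body):
        url = match.group(0).rstrip(".,;)")
        found = lure_indicators(url, org_domain, recipient)
        if found:
            hits.append((url, found))
    return hits

# Constructed sample message: one link in the described format, one genuine link.
SAMPLE = (
    "Dear user, a recent server upgrade requires a client update.\n"
    "Download: http://updates.example.org.secure.attacker.test"
    "/mail/id=-alice@example.org-patch407574.exe\n"
    "Help desk: https://mail.example.org/help\n"
)

if __name__ == "__main__":
    for url, found in scan_message(SAMPLE, "example.org", "alice@example.org"):
        print(sorted(found), url)
```

A link that shows all three traits at once matches the format in the alert; the spoofed sender address still has to be verified separately, because the From header alone proves nothing.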

A cyber crime expert said, “This is a new modus operandi which criminals have employed. This is just to break the company’s firewall by duping an employee. If one clicks on the attachment, he would be compromising not only his but also the company’s network.”

Source:
Bangalore Mirror Dtd. 22/10/2009
Article By Sameer Ranjan Bakshi
