Within the last few days, Commtouch Security Labs saw lots of malware campaigns of the same or at least a very similar type. The emails and notifications were sent in the name of big companies and brands. For further information the recipient should visit a certain website or open the emailâ€™s attachment â€“ both ways led to malware.
Apple Store Gift Card
Todayâ€™s attack with the subject â€œApple Store Gift Cardâ€ has a virus attachment as well as a malicious link in the message body. It is being detected by eight anti virus engines at the moment.
Notifications by UPS and MoneyGram
On Tuesday Commtouch detected a virus outbreak with fake notifications from UPS, subject: â€œUPS parcel notificationâ€.
The included link lead to a trojan (Commtouch: W32/Trojan.HATG-6756) as well as the attached zip document.
At the same time there has been another fake notification campaign in the name of DPD, a big logistic company in Germany, written in German and targeting German users:
It has almost the same content as the UPS samples: The addressee is informed about the exact delivery time of a pretended consignment. But in case they cannot make it, they have the chance to reschedule the time by using the attached formula (zip document) â€“ which contains malware as well.
On Monday Commtouch reported a virus outbreak with fake notifications sent by MoneyGram:
In some of the samples Commtouch Security Labs saw, the transaction sum varied a bit â€“ comparable to the varying amount of the Apple Store Gift Cards ($300 versus $200).
Spammers love to recycle
These at first sight different campaigns show that spammers are intrested in â€œrecyclingâ€ their malware â€“ in all cases the URL links and malicious attachments lead to the same type of trojan. They just choose new subjects and brands. The fact that comparable malware campaigns are targeted at different countries and regions at the same time supports the result of Commtouchâ€™s Q2 Internet Threats Trend Report: the strong increase in regionalized malware distribution.