Do not let curiosity get the better of you (and your network security) if an email arrives in your inbox suggesting that the CIA or FBI played a role in the death of Venezuelan president, Hugo Chavez. Researchers at Kasperky, which is one of the anti virus components of SpamTitan anti spam, intercepted a spam email the purpose of which was to get recipients to click one of the URLs in the email body. These links then direct recipients to a malicious website hosting the BlackHole 2.0 exploit pack. ‘The payload dropped was not disclosed; however, 8/46 antivirus programs were able to detect the exploit code’.
These spam emails contain links to malware infected sites and infected attachments.
There are several malicious emails currently doing the rounds using the subject of Hugo Chavez’s death to lure unsuspecting recipients. Generally the spam emails will attempt to stir peoples curiosity and direct them to websites, some hijacked that host malware. Whenever there's a big story in the news — a natural disaster, a major election, a celebrity wedding — you can be sure online scammers will try to exploit it. Criminals use a variety of formats including emails containing links to malware infected sites and infected attachments.
Spam like this will continue to exist as long as it is profitable and with growing numbers of people on line spammers have a growing market of millions of people for their spam. It’s purely a numbers game, the greater the market for the spammers the greater chance of a response and therefore the greater the reward. To prevent these spam attacks, organisations need to remain vigilant and follow proven guidelines such as not clicking on links or attachments in unsolicited emails.
To avoid becoming a victim of a spam / phishing attack there are a few simple rules:
- Don't trust any unsolicited email, ever.
- Never “unsubscribe” from a service you haven’t subscribed for in the first place. You are literally handing your email address to spammers to use for future and possibly more targeted attacks.
- If you interested in an offer contacting the company behind the message by phone and verify that the message is genuine.
- Keep your company security solutions valid and up to date so that you can secure your organisations network.
- Employees and other insiders actions are responsible for the majority of security breaches, a culture of security awareness is an important factor in preventing these security failures.