Tuesday, November 13, 2012

Time for XMas Themed Spam and Malware Campaigns

Anti-spam pros know that this is the time of year for XMas-themed spam to start arriving in users' inboxes. Your users will start receiving "You've received a Christmas Card" emails with clickable links to "play your card". Of course, clicking the link installs malware on their machines and potentially adds them to a growing botnet. Here are some examples of the subject lines used:
  • Christmas Gifts
  • $1,000 cash for Christmas!
  • kids project for Christmas
  • You have received a Christmas Card!
  • Combat your waistline in time for Christmas
It's important to keep an eye on incoming email campaigns, and to watch what you click! Many anti-spam systems have a way for users to report any spam that happens to make it past them. At CudaMail, our clients can use the Outlook Plugin to communicate directly and immediately with the appliances in the rare case that a message makes it in.

The CudaMail team is keeping an eye on incoming volume and working to stay ahead of the expected campaigns, but get ready for the holiday season: it's a great time for most of us, but to spammers it's just another opportunity.
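The lure described above has two recognisable parts: a holiday subject line from the list and a "play your card" link that leads somewhere it shouldn't. The following scoring filter is an added example written for this post, not CudaMail code; the sample messages, the score weights and the 203.0.113.5 address are constructed for illustration, and the subject phrases are taken from the list above.

```python
import email
import re
from email import policy

# Constructed sample messages (not from the original post). The first is a
# holiday "e-card" lure of the kind described above; the second is ordinary mail.
SAMPLE_ECARD = """\
From: Greetings <cards@example-ecards.invalid>
To: user@example.com
Subject: You have received a Christmas Card!
Content-Type: text/html; charset=utf-8

<html><body>
<p>A friend sent you a card. <a href="http://203.0.113.5/card.exe">Play your card</a></p>
</body></html>
"""

SAMPLE_NORMAL = """\
From: colleague@example.com
To: user@example.com
Subject: Q4 budget review
Content-Type: text/plain; charset=utf-8

See the attached agenda for Thursday.
"""

# Subject phrases taken from the list in the post above (lower-cased).
SUBJECT_PATTERNS = [
    r"christmas card",
    r"cash for christmas",
    r"christmas gifts",
    r"waistline in time for christmas",
    r"kids project for christmas",
]

# Link text typical of e-card lures, and file extensions a greeting card never needs.
LURE_LINK_TEXT = re.compile(r"play your card|view your card|open your card", re.I)
HREF_RE = re.compile(r'<a\s[^>]*href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
RISKY_EXT = (".exe", ".scr", ".zip", ".js", ".bat")


def score_message(raw):
    """Return (score, reasons) for a raw RFC 5322 message string.

    The weights are an illustrative assumption, not a tuned ruleset.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    subject = (msg["subject"] or "").lower()
    score = 0
    reasons = []
    for pat in SUBJECT_PATTERNS:
        if re.search(pat, subject):
            score += 2
            reasons.append(f"holiday subject: {pat}")
            break
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for href, anchor_html in HREF_RE.findall(text):
        anchor_text = re.sub(r"<[^>]+>", "", anchor_html).strip()
        if LURE_LINK_TEXT.search(anchor_text):
            score += 3
            reasons.append(f"lure link text: {anchor_text!r}")
        if href.lower().split("?")[0].endswith(RISKY_EXT):
            score += 4
            reasons.append(f"link to executable/archive: {href}")
        if re.match(r"https?://\d+\.\d+\.\d+\.\d+", href):
            score += 2
            reasons.append(f"link to bare IP address: {href}")
    return score, reasons


def is_suspect(raw, threshold=5):
    """True when the combined score reaches the (assumed) quarantine threshold."""
    return score_message(raw)[0] >= threshold


if __name__ == "__main__":
    for name, raw in (("ecard", SAMPLE_ECARD), ("normal", SAMPLE_NORMAL)):
        score, reasons = score_message(raw)
        print(name, score, reasons)
```

A subject line on its own never reaches the threshold; the filter only quarantines when the subject is combined with a lure link, a direct download or a bare-IP destination, which keeps legitimate holiday mail from being caught on its subject alone.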

Monday, February 27, 2012

M86 Reports Cutwail Botnet is back in action

M86 Security recently reported that the Cutwail botnet, also known as Mutant, Pushdo and Pandex, has been reactivated. Their specialists report several waves of emails carrying malicious JavaScript that probably came from Cutwail-infected computers. About 5 years ago, Cutwail led the botnet list with over 1.5 million infected computers. Original story: http://labs.m86security.com/2012/02/cutwail-drives-spike-in-malicious-html-attachment-spam/ The botnets named above are among those blocked by the CudaMail system.

Monday, January 23, 2012

Lilupophilupop Exceeds 1 Million Infected Pages

The Internet Storm Center published a story on the recent Lilupophilupop malware infections. They had originally written about it back in November. One month later, the number of infected pages per top-level domain had increased to:
  • UK - 56,300
  • NL - 123,000
  • DE - 49,700
  • FR - 68,100
  • DK - 31,000
  • CN - 505
  • CA - 16,600
  • COM - 30,500
  • RU - 32,000
  • JP - 23,200
  • ORG - 2,690
To see if your site has been affected, search Google for "<script src="hxxp://lilupophilupop.com/" and use the site: operator to narrow the results to your domain. For example, in Google type site:yoursite.com "<script src="hxxp://lilupophilupop.com/" (note: we changed http to hxxp so you don't actually go there). This is a nasty SQL injection attack, so be careful when doing your investigation. Original story: http://isc.sans.edu/diary/Lilupophilupop+tops+1million+infected+pages/12304
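Searching Google only shows pages the crawler has already indexed. Since the injection lands in database content, a site owner can also scan stored records and rendered pages directly for script tags pointing at the known host. The scanner below is an added example written for this post, not ISC or CudaMail code; the only blocklisted host is the one named in the diary above, and the sample records are constructed to mimic a mass SQL injection appending a tag to a text column.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Host named in the ISC diary referenced above. An organisation would extend
# this set with its own blocklist.
KNOWN_BAD_HOSTS = {"lilupophilupop.com"}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.sources.append(value)


# Injected content in a database column is often not well-formed HTML (the tag
# is appended to a text field), so the raw text is also scanned with a regex.
RAW_SCRIPT_RE = re.compile(r"<script[^>]*\ssrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def script_sources(text):
    """Return every script src found by the HTML parser or the raw regex."""
    parser = ScriptSrcCollector()
    parser.feed(text)
    found = set(parser.sources)
    found.update(RAW_SCRIPT_RE.findall(text))
    return found


def flagged_hosts(text, bad_hosts=KNOWN_BAD_HOSTS):
    """Return the set of script-src hosts in text that match the blocklist.

    Protocol-relative sources (//host/...) resolve to a hostname; site-local
    paths (/static/app.js) have no hostname and are ignored. Subdomains of a
    blocklisted host are also flagged.
    """
    hits = set()
    for src in script_sources(text):
        host = urlparse(src).hostname
        if host is None:
            continue
        host = host.lower()
        if host in bad_hosts or any(host.endswith("." + b) for b in bad_hosts):
            hits.add(host)
    return hits


# Constructed sample records (not from the post): a product-description column
# after a mass SQL injection, a clean record, and a full page with a local script.
SAMPLE_RECORDS = {
    "product-17": 'Blue widget, 2 pack</title><script src="http://lilupophilupop.com/"></script>',
    "product-18": "Red widget, single",
    "page-about": '<html><head><script src="/static/app.js"></script></head>'
                  '<body>About us</body></html>',
}


def scan_records(records, bad_hosts=KNOWN_BAD_HOSTS):
    """Map each record key to the blocklisted hosts found in it; clean records are omitted."""
    report = {}
    for key, text in records.items():
        hosts = flagged_hosts(text, bad_hosts)
        if hosts:
            report[key] = hosts
    return report


if __name__ == "__main__":
    for key, hosts in scan_records(SAMPLE_RECORDS).items():
        print(f"{key}: injected script from {', '.join(sorted(hosts))}")
```

Run `scan_records` over an export of the text columns that the site renders into pages (product descriptions, comments, titles), not just over saved HTML: finding the tag in the database tells you which table the injection reached, which is what you need to clean up and to locate the vulnerable query.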