Spam-Filter.com


Cutwail Botnet Showing Altered Spam Tactics
Spam Filter Service News for January 16, 2017


The Cutwail spam botnet has changed how it operates: it now sends its bulk e-mails in massive bursts lasting only a few minutes each, reaching millions of Internet users in every single outbreak, according to security company Symantec.

Symantec also says that, rather than carrying malicious attachments, the spam mails contain web links that lead to Upatre, the malware installer for the Dyre banking Trojan.

The bait follows a familiar pattern: the header announces an important message inside the e-mail, which poses as coming from a genuine organization that the would-be victim may or may not recognize.

E-mails about financial matters such as bank account reports, invoices, tax returns and fines have so far often been observed drawing recipients' attention, resulting in compromise of their accounts.

According to Symantec, the web links sometimes lead to phishing sites that mimic the login pages of financial services that various organizations provide.

Symantec security researcher Nick Johnston explains that the e-mail's objective is to get the recipient to follow the given web address, which leads to either a phishing site or malware. All the attacks use an identical URL structure, in which the URL contains a hijacked legitimate domain, Johnston says. Softpedia.com reported this on January 28, 2015.

If an end user follows the URL in the junk e-mail, he lands on a web page that references an externally sourced JavaScript file.

The URLs referenced in the spam mail look as though they point to genuine jQuery files; jQuery is a well-known JavaScript library used to implement web UI functions, and websites frequently self-host it. Web addresses leading to jQuery files are common in HTML code, so the script tags used in this instance do not look odd at a glance. However, these URLs, which appear to lead to static JavaScript files, do not actually return static content. Each time a URL is requested again, the content returned varies, while always being heavily obfuscated JavaScript code. The obfuscation is produced with JJEncode, a method that is inefficient, easy to identify and works only in specific web browsers, and is therefore not recommended.
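The two signals described above, a supposedly static jQuery URL whose content changes between requests and a body written in JJEncode's symbol-only style, can be checked together on captured responses. The following Python code is an added example, not code from Symantec or the original article; the URL path, thresholds and sample bodies are constructed, and it assumes the encoder's global variable name was left symbol-only, so that the output stays within JJEncode's 18-symbol alphabet.

```python
import hashlib

# The 18 symbols JJEncode output consists of when its global variable name is
# a symbol such as "$" (assumption: a symbol-only variable name was used).
JJENCODE_ALPHABET = set('[]()!+,\\"$.:;_{}~=')


def symbol_ratio(body):
    """Fraction of non-whitespace characters drawn from the JJEncode alphabet."""
    chars = [c for c in body if not c.isspace()]
    if not chars:
        return 0.0
    return sum(c in JJENCODE_ALPHABET for c in chars) / len(chars)


def looks_like_jjencode(body, threshold=0.95, min_len=40):
    """Ordinary JavaScript is mostly letters and digits; JJEncode has almost none."""
    stripped = "".join(body.split())
    return len(stripped) >= min_len and symbol_ratio(body) >= threshold


def assess_script(path, bodies):
    """Score repeated responses for one script URL that claims to be a static file."""
    digests = {hashlib.sha256(b.encode("utf-8")).hexdigest() for b in bodies}
    changing = len(digests) > 1  # a static library file should not vary per request
    encoded = any(looks_like_jjencode(b) for b in bodies)
    claims_jquery = "jquery" in path.lower()
    return {
        "claims_jquery": claims_jquery,
        "content_changes": changing,
        "jjencode_like": encoded,
        "suspicious": claims_jquery and (changing or encoded),
    }


# Constructed samples: symbol-only text in the style of JJEncode output (not a
# working script) and a short stand-in for a genuine, unchanging library file.
FAKE_A = '$=~[];$={___:++$,$$$$:(![]+"")[$],__$:++$,$_$_:(![]+"")[$]};$.$_=($.$_=$+"")[$.$_$];'
FAKE_B = '_=~[];_={___:++_,$$$$:(![]+"")[_],__$:++_,$_$_:(![]+"")[_]};_._$=(_._$=_+"")[_._$];'
REAL = "(function(window){var version='0.0.0';function init(sel){return document.querySelector(sel);}window.lib=init;})(window);"

if __name__ == "__main__":
    print(assess_script("/js/jquery.min.js", [FAKE_A, FAKE_B]))  # hypothetical path
    print(assess_script("/js/jquery.min.js", [REAL, REAL]))
```

Either signal alone can produce false positives (for example a CDN serving different builds of a library), so the combined result is best treated as a triage flag for a mail or web gateway rather than a verdict.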
