Spammed-out malware campaign contains offensive hidden message for anti-virus CEO

Graham CLULEY

April 29, 2016

There is no love lost between the people who write malware and the anti-virus companies who work hard to protect innocent users against them.

And occasionally that animosity spills out into the actual malicious code written by online criminals. Sometimes it presents itself as code that attempts to avoid detection by a particular product, or as techniques to avoid analysis in malware labs.

But sometimes… well, it just gets a lot more personal than that. And that’s what seems to have happened in a current malware campaign arriving in many users’ email inboxes today.

Here is what a typical malicious email looks like:

Subject: RE: Outstanding Account

Message body:

This is a reminder that your account balance of $5746.80 was overdue as of 28 April 2016.

Enclosed is a statement of account for your reference.

Please arrange payment of this account today or, if you cannot make full payment at this time, please contact us to make a payment arrangement that is mutually acceptable.

Regards,

Tonia Joseph

Sales Director

Have a nice day

The name and job title of the person contacting you is randomly chosen, as is the amount that you are being asked to pay and the date on which it became overdue.

Attached to the email is a .ZIP file (again, its precise filename varies) that contains the malicious payload.

The danger is, of course, that people who receive the email may click on the attachment (presumably in a mixture of outrage and confusion that they are being asked to pay a substantial amount of money) without thinking of the consequences.

For inside the ZIP is an obfuscated JavaScript file which downloads further malicious code from the internet, designed to infect innocent victims’ PCs.

This isn’t an unusual disguise for online criminals to spread their attacks. In fact, these simple social engineering tricks have been proven to work time and time again – which is why it is so important for all computer users to exercise caution and be suspicious of unsolicited email attachments.
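A mail-gateway style check for the delivery method described above, as an added example that is not part of the original article: it opens ZIP attachments and flags any script file inside. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list: script types that Windows runs on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}

def script_members(zip_bytes):
    """Return names of script files inside a ZIP, or None if it cannot be read."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist()
                    if any(n.lower().endswith(e) for e in SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return None

def scan_message(raw):
    """Return [(attachment_name, script names or None)] for risky attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Attachment names vary per message, so identify ZIPs by magic bytes.
        if not data.startswith(b"PK\x03\x04"):
            continue
        hits = script_members(data)
        if hits is None or hits:  # unreadable archives are flagged as well
            findings.append((part.get_filename(), hits))
    return findings

def build_sample(inner_name, inner_body, attach_name):
    """Constructed test message modelled on the lure quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_body)
    msg = EmailMessage()
    msg["Subject"] = "RE: Outstanding Account"
    msg.set_content("Enclosed is a statement of account for your reference.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename=attach_name)
    return msg.as_bytes()

if __name__ == "__main__":
    sample = build_sample("statement.js", "// harmless placeholder", "acct.zip")
    print(scan_message(sample))
```

Because the check looks at archive contents rather than the attachment's name, it still fires when the filename changes from one message to the next.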

What makes this particular attack interesting, however, is what you find if you take a closer look at the obfuscated JavaScript inside the ZIP file.

Because it appears that whoever wrote the malware was unable to stop themselves from including an offensive message about Travis Witteveen, the CEO of anti-virus firm Avira, as well as a call-out to another security company – Vienna-based IKARUS Security.

“Travis Witteveen S**** N****’s c****”

Of course, neither of these companies is in any way connected to the creation of the malware. It’s part of the job that all of us in the anti-virus industry get called names by online criminals from time to time and, to be honest, it makes us feel like we must be doing something right!

VirusTotal reports that some anti-virus products are not yet identifying the malware, but Bitdefender security products detect both the ZIP and the .JS file as JS:Trojan.JS.Downloader.HU.
