{"id":537,"date":"2016-03-17T16:00:40","date_gmt":"2016-03-17T16:00:40","guid":{"rendered":"https:\/\/icaruspressblog.wordpress.com\/?p=537"},"modified":"2019-04-17T11:34:32","modified_gmt":"2019-04-17T11:34:32","slug":"massive-spam-attack-slips-past-spam-filters-on-its-way-to-australia","status":"publish","type":"post","link":"https:\/\/hidefideas.com\/blog\/2016\/03\/17\/massive-spam-attack-slips-past-spam-filters-on-its-way-to-australia\/","title":{"rendered":"Massive Spam Attack Slips Past Spam Filters on its way to Australia"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\" size-full wp-image-538 alignleft\" src=\"http:\/\/hidefideas.com\/blog\/wp-content\/uploads\/2016\/03\/aust2.gif\" alt=\"aust2\" width=\"255\" height=\"192\">What is it about Australia these days? Whether it\u2019s their <a href=\"http:\/\/www.theaustralian.com.au\/australian-it\/government\/acma-cracks-anti-spam-whip\/story-fn4htb9o-1226149157054\">tough stance<\/a> on spammers (<a href=\"http:\/\/www.allspammedup.com\/2013\/01\/canadian-government-works-hard-to-be-more-frustrating-than-spam\/\">Canada: take note<\/a>), <a href=\"http:\/\/www.allspammedup.com\/2012\/09\/aussies-among-worlds-top-spammers-gullible-maybe\/\">surprising reports<\/a> about where the spam is coming from, or Aussies saying <a href=\"http:\/\/www.allspammedup.com\/2012\/10\/australian-spam-complaints-rise-over-600\/\">enough is enough<\/a>, the country that\u2019s so cool they called it a continent has been making all sorts of spam news recently, and this week, the country made the news again when a massive spam attack slipped past anti-spam filters and landed squarely in users\u2019 inboxes.<!--more--><\/p>\n<p>Westpac, one of Australia\u2019s big four banks, is the latest target as Trojan laden spam hit more than 125,000 users in a focused attack on Thursday morning, and <a 
href=\"http:\/\/www.scmagazine.com.au\/News\/336507,westpac-spam-serves-trojan-to-hundreds-of-thousands-of-aussies.aspx\">SC Magazine<\/a> reports that the amount of nasty emails has \u201cspiked into many hundreds of thousands of emails\u201d on Thursday, and that the number appears to be on the rise. Reports are a little fuzzy so far, but the spam messages appear to be packing W32\/Kryptik.KZ!tr and BackDoor.Slym.1498, two known Trojans. Apparently phishing emails, users were instructed to launch the attachment (presumably, some sort of banking notification) using Internet Explorer. The malware has been reported as some sort of remote backdoor Trojan, in other words, nasty stuff with which to become infected, and especially dangerous considering the scope of the attack and the pace at which it\u2019s propagating.<\/p>\n<p>\u201cAt least some of the phishing emails bear the attachment SecureMessage.zip and the sender address secure.mail@westpac.com.au,\u201d SC Magazine is reporting, and <a href=\"http:\/\/www.bit.com.au\/News\/336536,warning-westpac-scam-alert.aspx\">Bit.com<\/a> has reported that the message is being sent with the subject &#8220;WestPac Secure Email Notification.&#8221; Security professionals are reporting that the exact nature of the payload, while still being identified, is being delivered in variants. According to one spokesman, the spam has circumvented 42 out of 44 email antivirus software applications, not a great track record if you\u2019re a fan of\u2026uhm, I don\u2019t know, things actually working the way they\u2019re supposed to. &#8220;This is the biggest fast breaking email the tech guys can remember,&#8221;&nbsp;Anwar Ibrahim, a service delivery director stated. 
SC Magazine points out that \u201cAlmost 2000 unique IP addresses were logged sending the spam using a single filter, pointing to the United States, Peru and Australia in descending order.\u201d<\/p>\n<p>The attack also appears to be a scorched earth campaign, dispensing with targeted attacks in favor of indiscriminately blasting out as many emails as possible. Bit.com points out that institutions like banks are popular targets. \u201cFraudsters often use the names of trusted organisations such as banks, courier companies and government departments to encourage recipients to open emails containing malware. The&nbsp;Australian Taxation Office (ATO) [is] another name that&#8217;s popular with spammers, for example.\u201d The malware&#8217;s SHA256 hash is 5450eea52c6e04bcae760c6181c6c79198daa6e969fca406e0f9dd3b49212d48.<\/p>\n<p>This incident is just another day in the life of the war with spam. No offense to those affected, but we\u2019ve heard it so many times that it lacks the shock value that we might have felt ten years ago. It is a good \u2013 and timely \u2013 reminder that these things hit without warning, and that spammers will stop at nothing to line their pockets. That it hit so suddenly is not surprising. That it was so effective in slipping past detection software is. We seem to be seeing more and more attacks, which by design have managed not only to fool the anti-spam filters, they in fact are good enough to fool most users. And that\u2019s something we need to discuss.<\/p>\n<p>Spring is almost here. It\u2019s time to do a little spring cleaning. Check your filter settings and spam folders. How effective is it? Maybe a little tweaking is required. Use this opportunity to get your users together and share information. Use some of the more effective spam campaigns \u2013 like the one reported in this article \u2013 as real-world examples of what to look for. Scare your users if you have to. Remember, they don\u2019t know what you know. 
They\u2019re also very busy making sure their pay checks keep coming, so, unlike you, looking out for malware attacks is not at the forefront of their minds. Take the time to refresh on best practices, phishing methods, link spoofing, the dangers of clicking links and opening attachments, and email preview panes \u2013 all those things that put users at risk. Anti-spam filters are invaluable tools, but like any other tool, they\u2019re only as good as the person wielding it. Awareness and vigilance are of utmost importance, because they\u2019re out there. The spammers won\u2019t stop until they\u2019ve got you.<\/p>\n<p>Stay safe.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is it about Australia these days? Whether it\u2019s their tough stance on spammers (Canada: take note), surprising reports about where the spam is coming&hellip; <\/p>\n","protected":false},"author":3,"featured_media":538,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,14],"tags":[11,9,10,8,7],"class_list":["post-537","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-spam","tag-allspammedup","tag-bot","tag-botnet","tag-malware","tag-spam","jsn-master"],"_links":{"self":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/comments?post=537"}],"version-history":[{"count":2,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/posts\/537\/revisions"}],"predecessor-version":[{"id":1763,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/po
sts\/537\/revisions\/1763"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media\/538"}],"wp:attachment":[{"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/media?parent=537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/categories?post=537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hidefideas.com\/blog\/wp-json\/wp\/v2\/tags?post=537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}