Thursday, October 24, 2013

Spammers Use #Kenya #Westgate Terrorist Attack to Spread Malware

Spammers are now leveraging news around the #Kenya #Westgate terror attack by targeting users through an email message that claims to contain news on the attack but in fact contains malware. The spam email includes a malicious URL in the body of the message that redirects users to a compromised Web page that downloads W32.Extrat.
When the malware is executed, it may create the following file:
  • %Windir%\installdir\server.exe
This allows the attacker to steal passwords and gain access to sensitive files and information belonging to the user.
Screenshot of spam email asking user to download .exe file

The email displays a message to “Click HERE to view & watch” videos and images of the terror attack at the Westgate mall. Clicking the link opens up a compromised Web page. After loading the Web page, the user is presented with a popup asking them to download the file “Kenya Westgate terror Video.exe.” This executable binary file is a generic form of malware named W32.extrat that, if downloaded, could exploit vulnerabilities on the user’s computer. Spammers use the promise of video and pictures as a trap to lure large number of users seeking information about the terror attack.

The spam email message may have the following subject line:
  • Official: Kenya mall attackers Video
The following is a sample of a malicious URL included in the spam email:
  • http://[REMOVED].[REMOVED].com/u/210772057/Kenya terror Video.rar
ESET threat-sense technology allows preventative detection and identification of this kind of malicious site, even in cases where the site has not yet been reported to ESET as malicious. ESET protects customers from this type of attack with products that include antivirus and antispam technology such as ESET NOD32 antivirus and ESET Smart Security

The malware used in this attack is detected by ESET as W32.Extrat.
Users are advised to adhere to the following best practices in order to avoid malicious attacks:
  • Do not open attachments or click on links in suspicious email messages.
  • Avoid providing any personal information when answering an email.
  • Never enter personal information in a pop-up page or screen.
  • Keep security software up-to-date.


Post a Comment


Twitter Delicious Facebook Linkedin Stumbleupon Favorites More