Fresh Spam Campaign Uses Old Infection Tricks

A new email spam campaign targeted at German-speaking users was reported by cyber-security experts. The spam emails ask the user to double-click on an infected thumbnail disguised as a picture. This method was popular in the past but has since been largely replaced by other techniques, like macro-laced Office documents.

More Information About the Infection Method

The email spam is in German, and it mimics a “Cabel” service, presumably for cable TV. The users are presented with a small picture, and the email asks them to double-click on it to zoom in. Once they do, a malicious JavaScript gets loaded. The JavaScript drops a local Proxy Auto-Config (PAC) file that changes the network settings of the computer. That opens the door to the downloading of a rogue Comodo certificate, which will disguise malicious traffic later on.

The JavaScript will also download the Ozone RAT (Remote Access Tool), which helps the cybercriminals to hack the computer. The program costs around $20 for the standard package and $50 for the Platinum package. Ozone doesn’t do anything malicious by itself, though the program seems tailor-made for use by cybercriminals. It can be used without permission from the receiving PC; it also includes a keystroke logger and other tools that come in handy while you’re hacking. Ozone also includes a file-sharing service and can access the computer’s camera. All these features make it ideal for spying and data theft. Ozone RAT has been active for about a year now. The resurfacing of the method caught the eye of Fortinet, and a few hours later Microsoft also wrote a report on the issue.

[Image: example of the spam emails, from Fortinet]

It Doesn’t Take Much to Infect Users

Fortinet writes: “An important lesson here is that malware actors still use simple, but very effective social-engineering techniques to get those extra clicks from unaware and untrained users.”

A double-click is what separates a healthy system from an infected one. Applications like Ozone make it much easier for hackers to access your system, even if they’re not particularly skillful. Users should avoid opening emails from sources they don’t know or trust, though that’s not always 100% effective, as the PayPal Chthonic Trojan proved.

However, vigilance is always welcome when preventing cyber-security threats and breaches. It’s hard to prevent all threats manually; that’s why users should think about anti-virus or anti-malware measures that will help them in the fight against malicious content.


Author : Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.
