Spam campaigns roundup (July 20, 2012)
The Dell SonicWALL Threats Research team has observed an increase over the past week in the number of e-mail spam campaigns involving multiple malware families. Below is a quick summary of some of the major malware spam campaigns we saw in the last week:
The majority of the spam campaigns contained a malicious executable attachment enclosed in a ZIP archive, pretending to be an Adobe PDF file or a Microsoft document, as was also seen last week. We also saw some campaigns involving malicious URLs linked to an image in the e-mail body; the link either serves the malware directly or leads to it via drive-by sites infected with the Black Hole exploit kit, as seen in the past.
A slightly different spam campaign used a message body whose only visible part was an image file downloaded from a remote server. A closer look revealed the presence of invisible text using the popular rgb(255,255,255) spammer trick, an attempt to evade certain spam filters, as seen in the screenshots below:
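One way a mail filter could flag the hidden-text pattern described above, as an added example rather than SonicWALL's own detection logic: it walks the HTML body, separates text rendered in white from visible text, and counts remotely hosted images. The function names, the sample messages and the assumption of a default white page background are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Foreground colour set to white: rgb(255,255,255), #fff, #ffffff or "white".
WHITE = r"(?:rgb\(\s*255\s*,\s*255\s*,\s*255\s*\)|#fff(?:fff)?\b|white\b)"
# The lookbehind keeps "background-color" from matching.
WHITE_STYLE = re.compile(r"(?<![-\w])color\s*:\s*" + WHITE, re.I)
WHITE_ATTR = re.compile(r"\s*" + WHITE + r"\s*$", re.I)   # legacy <font color=...>
VOID = {"img", "br", "hr", "meta", "link", "input"}       # tags with no end tag

class HiddenTextScanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []            # (tag, text_is_white) for each open element
        self.hidden, self.visible, self.remote_images = [], [], 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "img" and re.match(r"https?://", a.get("src", ""), re.I):
            self.remote_images += 1
        if tag in VOID:
            return
        # Simplification: white is inherited and never overridden by a child.
        white = bool(WHITE_STYLE.search(a.get("style", ""))
                     or WHITE_ATTR.match(a.get("color", "")))
        self.stack.append((tag, white or (bool(self.stack) and self.stack[-1][1])))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = data.strip()
        if text:
            is_white = bool(self.stack) and self.stack[-1][1]
            (self.hidden if is_white else self.visible).append(text)

def analyze(html):
    s = HiddenTextScanner()
    s.feed(html)
    s.close()
    hidden = sum(len(t) for t in s.hidden)
    visible = sum(len(t) for t in s.visible)
    # Flag: a remote image plus white-on-white text that outweighs the visible text.
    return {"hidden_chars": hidden, "visible_chars": visible,
            "remote_images": s.remote_images,
            "suspicious": s.remote_images > 0 and hidden > visible}

# Constructed sample bodies (not taken from the campaign).
SAMPLE_SPAM = '<html><body><a href="http://example.invalid/x"><img src="http://example.invalid/offer.jpg"></a><div style="font-size:10px; color: rgb(255, 255, 255)">quarterly meeting notes <b>from the team</b></div></body></html>'
SAMPLE_HAM = '<html><body style="background-color:#ffffff"><p>Hi, see <img src="cid:logo"> attached agenda.</p></body></html>'
```

White text on a dark background is legitimately visible, so a production filter would also resolve the effective background colour before scoring.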
The geographical distribution of unique spam targets and sources for campaigns involving the Gamarue worm can be seen below:
Dell SonicWALL Gateway AntiVirus provides protection against these threats with the following signatures:
- GAV: Androm.DD (Trojan)
- GAV: Androm.DE (Trojan)
- GAV: Androm.SA (Trojan)
- GAV: Cridex.E_2 (Trojan)
- GAV: Zbot.AAT#email (Trojan)