The Asprox botnet is being used to distribute the Kuluoz malware
Earlier this week, experts issued an alert to warn users about fake funeral notifications sent out by cybercriminals in an effort to lure internauts to a malicious website. It appears there’s more than one variant of the fake messages.Hoax Slayer has spotted a version of the spam email that carries the subject line “Funeral notification.”
“For this unprecedented event, we offer our deepest prayers of condolence and invite to you to be present at the celebration of your friends life service on Thursday, January 17, 2014 that will take place at Eubank Funeral Home at 11:00 a.m. Please find invitation and more detailed information about the farewell ceremony here,” the emails read.
In this case, the notifications appear to come from someone named Kevin Kelly, who claims to be the receptionist at the funeral home.
The links from the email point to a website that’s set up to serve malware. The spam run is powered by the Asprox botnet. The piece of malware that’s distributed is a variant of Kuluoz, a threat designed to download additional malicious elements onto infected devices.
Interestingly, the Eubank Funeral Home is aware of the spam campaign abusing its name. The company has posted the following warning on its website:
“Urgent Warning: An email has been sent out appearing to come from Eubank Funeral Home. Please do not open the link as it is SPAM. We apologize for the inconvenience. PLEASE DO NOT CALL US TO REPORT THIS. Thank you.”
As we’ve mentioned previously, there might be even more variants of these spam emails. The name of the sender, the date, and the funeral home’s name might be different.
However, users should always be careful before clicking on links contained in unsolicited messages. If you’ve already clicked on the link and downloaded a file, scan your computer with an updated antivirus program to make sure it’s not infected.