A number of fake newsletter emails purporting to originate from Resource Nation have been seen doing the rounds. They claim to offer 401K retirement savings account information, but in reality they hide a malicious scheme that’s designed to spread the infamous SpyEye Trojan.
AppRiver experts discovered that the cybercriminals behind the campaign quickly shut it down, most likely after realizing that the notification’s subject line didn’t match the actual content. However, this may only be a temporary glitch, so we decided to inform our readers of this threat in case it re-emerges.
The message itself is well designed, displaying titles such as “Considerations When Structuring Your Company's 401k Program”, “Is Your Company 401k Saavy”, and “Guide to Learning 401k Terms.”
On this domain, a drive-by download is set up to push the SpyEye Trojan by leveraging a Java vulnerability.
In the next phase, the victim is redirected to msn.com, probably to avoid raising any suspicion on the user’s side.
As always, internauts are advised to be on the lookout for such notifications. The best way to check their legitimacy is to hover the mouse cursor over the links; if they point to anything other than an official website, delete the email immediately.
If you realize that you’ve already fallen for the scam and you believe that your Java installation is not up to date, make sure to run a full system scan with antivirus software to ensure that your device is not infected with SpyEye.
Webmasters, on the other hand, are advised to regularly check their websites for any signs of misuse. You can ease this process by using a tool like the Hash Code Verifier we presented a few weeks ago.