Cybercriminals rely on the NBA star's life story to spread their malware

Mar 1, 2012 09:36 GMT

Trend Micro security experts identified a new spam campaign that relies on the growing popularity of NBA star Jeremy Lin.

The malicious emails that spread the infection are actually part of the LURID campaign that mainly targeted victims from Eastern Europe and Central Asia, including former Soviet Union countries.

The latest series of emails advertises the story of Jeremy Lin and comes with a Microsoft Word document entitled “The incredible story of Jeremy Lin the NBA new superstar.doc,” identified by Trend Micro as Troj_Artief.LN.

This piece of malware exploits a vulnerability in Microsoft Office that Microsoft patched at the end of 2010. If the exploit is successful, a payload is dropped in the form of a backdoor named Bkdr_Meciv.LN.

To avoid raising suspicion, a clean document describing the life of Jeremy Lin is displayed on the screen.

Once active, the backdoor sends information back to its command and control server, including the MAC address, IP address, operating system version, language settings and a campaign code that allows the cybercriminals to track their attacks.

“These attacks demonstrate that even well-known campaigns may continuously run for long periods of time. The people behind these attacks use variants of the same malware and constantly launch new attacks against their targets,” Nart Villeneuve, senior threat researcher, said.

“The attackers continue exploiting newsworthy events in order to lure potential victims into executing malicious email attachments.”

Users are advised to steer clear of emails that advertise the life stories, or even the death stories, of celebrities. Campaigns such as the one that relied on Whitney Houston’s death can be successful, and so can ones that leverage someone’s popularity.

Also, remember to always keep your antivirus software up to date.