Sep 30, 2010 11:50 GMT  ·  By

A new wave of spam emails poses as official communications from Netflix and contains links that direct users to a malicious website attempting to infect them with malware.

According to security researchers from email security vendor AppRiver, at the campaign's peak, over 10,000 of these rogue messages were hitting the company's spam traps per minute.

The emails bear the subject "Your disc problem report has been received" and come with a spoofed From header that lists [email protected] as the sender.

"In reality these messages are being distributed by a botnet and are emanating from all over the world," explains Troy Gill, an AppRiver spam analyst, who describes them as "pretty convincing to the untrained eye."

The fake emails abuse a standard template used by Netflix's customer service when responding to reports about discs lost in transit.

"We're sorry to hear that [a random movie name] was lost in the mail. Unfortunately discs do go missing during shipment from time to time, so it is our policy to accommodate for the occasional disc lost during shipment.

"According to our records, you have reported the following disc(s) as lost in the mail: [date] [link]," part of the contained message reads.

There is a good chance that even Netflix customers who have not reported a lost DVD will click on the link out of curiosity.

However, that would be a very bad decision, because the URL takes users to a page that tries to silently download and install malware on their computers.

This type of attack is known as a drive-by download and usually relies on exploiting vulnerabilities in widely installed browser plug-ins such as Flash Player, Adobe Reader or Java.

Users should treat every link received by email with caution and check its real destination (for example by hovering over it to see where it actually points) before opening it, even when the message appears to come from a legitimate source. A familiar sender address proves nothing, since the From header is trivially spoofed. Running an up-to-date antivirus solution on the computer is also a must, and because drive-by downloads depend on unpatched plug-ins, keeping Flash Player, Adobe Reader and Java current matters just as much.
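The two checks the article recommends, distrusting the spoofed From header and looking at where each link really goes, can be automated on the raw message. The script below is an added example and is not code from AppRiver, Netflix or the original article. It parses a constructed message modelled on the quoted template (the sender address, the link target 198.51.100.23, the display text and the Authentication-Results line are all made up, using reserved .example names and a documentation IP range) and flags the mismatches a cautious reader would look for: an SPF failure for the claimed sender domain, a link whose host is not the sender's domain, link text that shows one hostname while the href points somewhere else, and a bare IP address as link target. The registered_domain() helper uses a two-label heuristic for brevity; a production tool would use the Public Suffix List.

```python
"""Triage a suspicious e-mail: compare the claimed sender domain with the
domains that the embedded links actually point to.

Added example, not code from AppRiver, Netflix or the article. Every
address, host and header value below is constructed for illustration."""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message, modelled on the Netflix template quoted in the
# article. Domains use the reserved .example TLD; the link target is an
# address from the 198.51.100.0/24 documentation range.
RAW_MESSAGE = b"""\
From: Netflix Customer Service <discs@netflix.example>
To: victim@mail.example
Subject: Your disc problem report has been received
Authentication-Results: mx.mail.example; spf=fail smtp.mailfrom=netflix.example
Content-Type: text/html; charset="utf-8"

<html><body>
<p>According to our records, you have reported the following disc(s) as
lost in the mail: 09/29/2010
<a href="http://198.51.100.23/report.php?id=4471">www.netflix.example/MyReports</a></p>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Two-label heuristic (example.com); a real tool uses the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def triage(raw):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    sender_domain = registered_domain(msg["From"].addresses[0].domain)

    # The From header is attacker-controlled; the receiving MX's SPF verdict is not.
    auth = msg.get("Authentication-Results", "")
    if "spf=fail" in auth or "spf=softfail" in auth:
        findings.append(f"spf failed for claimed sender domain {sender_domain}")

    body = msg.get_body(preferencelist=("html",))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")

    for href, text in collector.links:
        target_host = urlparse(href).hostname or ""
        if registered_domain(target_host) != sender_domain:
            findings.append(f"link to {target_host!r} does not match sender domain {sender_domain}")
        # Visible text that looks like a hostname but differs from the real target.
        shown = text.split("/")[0].lower()
        if "." in shown and registered_domain(shown) != registered_domain(target_host):
            findings.append(f"link text shows {shown!r} but points to {target_host!r}")
        if target_host and all(part.isdigit() for part in target_host.split(".")):
            findings.append(f"link uses a bare IP address {target_host}")
    return findings


if __name__ == "__main__":
    for finding in triage(RAW_MESSAGE):
        print("SUSPICIOUS:", finding)
```

On the constructed message the script reports four findings: the SPF failure, the link host not matching the sender domain, the display text naming a Netflix-looking host while the href points at an IP address, and the bare IP itself. Any one of these is reason enough not to click; a clean result, by contrast, does not prove a message safe, since a compromised legitimate host or a look-alike domain would pass the domain comparison.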