Trend Micro experts say the malicious emails started going out hours after the news broke

Apr 22, 2014 13:45 GMT

Over 100 people have died and more than 190 are still missing after a South Korean ferry sank last week. As with all stories that make many headlines, this incident is also being leveraged by cybercriminals.

Trend Micro experts say they’ve spotted the first spam emails just hours after the media picked up the story. What’s interesting about this cybercriminal operation is the fact that the ferry incident is not mentioned in the body of the email, but in the footer.

“Many missing as S Korea ferry sinks. Several hundred people remain unaccounted for after a ferry carrying 476 people capsized and sank off South Korea, official say,” the message at the bottom of the email reads.

The emails carry the subject line “Notice of appearance in court” and they inform recipients that they must attend a hearing at a courthouse. These types of malicious notifications have been making the rounds for months, which means that many spam filters are probably set up to identify and block them.

However, by adding the part about the ferry incident, the cybercriminals hope to evade spam filters.
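The dilution effect described above can be shown with a toy token-density filter; this is an added example, not Trend Micro's detection logic or any real product's. The token set, threshold and body text are constructed assumptions, and only the footer is the text quoted in the article. Scoring each paragraph separately keeps the appended news footer from lowering the verdict.

```python
import re

# Constructed assumptions: a tiny "suspicious token" set and a threshold.
SUSPICIOUS = {"notice", "appearance", "court", "hearing",
              "courthouse", "attend", "attached"}
THRESHOLD = 0.3

# Constructed body in the style of the lure described in the article.
BODY = ("Notice of appearance in court. You must attend a hearing "
        "at the courthouse. Details are attached.")
# Footer text as quoted in the article.
FOOTER = ("Many missing as S Korea ferry sinks. Several hundred people "
          "remain unaccounted for after a ferry carrying 476 people "
          "capsized and sank off South Korea, official say")


def density(text):
    """Fraction of alphabetic tokens that are in the suspicious set."""
    tokens = re.findall(r"[a-z]+", text.lower())
    if not tokens:
        return 0.0
    return sum(t in SUSPICIOUS for t in tokens) / len(tokens)


def whole_score(message):
    """Naive scoring: one density over the entire message."""
    return density(message)


def segment_score(message):
    """Hardened scoring: highest density of any blank-line-separated part."""
    parts = re.split(r"\n\s*\n", message)
    return max(density(p) for p in parts)


def is_flagged(score):
    return score >= THRESHOLD


if __name__ == "__main__":
    padded = BODY + "\n\n" + FOOTER
    print("body only, whole-message:", round(whole_score(BODY), 3))
    print("with footer, whole-message:", round(whole_score(padded), 3))
    print("with footer, per-segment:", round(segment_score(padded), 3))
```
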

The piece of malware that’s attached to the emails is detected by Trend Micro as BKDR_KULUOZ.SMAL. Once it infects a computer, the threat can be used by cybercriminals to perform various tasks, including downloading other malware such as fake antiviruses and the notorious ZeroAccess Trojan.