Solutionary researchers have analyzed the recent Asprox spam runs

Jan 8, 2014 17:36 GMT

A few days ago, experts warned users in the United States to be on the lookout for fake Atmos Energy emails sent out by cybercriminals in an effort to distribute a piece of malware. Security researchers from Solutionary have some interesting details regarding the campaign.

It turns out that cybercriminals are using the Asprox (Kuluoz) botnet in order to deliver the emails. What’s interesting is the fact that the spammers have been changing the theme of their malicious messages.

Early in the holiday season, when people did a lot of online shopping, the botnet was sending out emails that purported to come from delivery companies such as FedEx, UPS and DHL.

Later, Costco- and Walmart-themed emails were distributed with the aid of Asprox.

Now that the polar vortex is making a lot of headlines in the United States, the spammers thought it would be a good idea to send messages that involved the name of an energy company.

“With temperatures dropping way below the zero mark, I don't know anyone who would ignore an email from their energy company right now,” Solutionary’s Jeremy Scott noted in a blog post.

The malware that’s attached to the emails is hidden inside an archive file. The malicious executable is called something like “AtmosBill_Omaha.exe,” but the name of the file changes depending on the victim’s location.

At first sight, the file appears to be a harmless document. In reality, it is an executable, and the threat comes into play as soon as it is run.
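For defenders, the delivery method described above (an executable inside an archive, named to look like a bill) can be checked before an attachment reaches the user. The following Python code is an added example, not code from Solutionary or the original article; it assumes the archive is a ZIP, and the extension list, function names and sample archive are constructed for illustration.

```python
import io
import os
import zipfile

# Extensions Windows runs directly (assumed blocklist for this example).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def flag_executables(archive_bytes):
    """Return (member_name, reason) for each archive member that is a Windows
    executable, judged by extension or by the 'MZ' magic of a PE file."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as fh:
                magic = fh.read(2)  # PE files start with b"MZ"
            if ext in EXEC_EXTS:
                findings.append((info.filename, "executable extension"))
            elif magic == b"MZ":
                # Catches an executable renamed to look like a document.
                findings.append((info.filename, "PE header under non-executable name"))
    return findings


def build_sample():
    """Constructed sample archive: placeholder bytes only, no real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AtmosBill_Omaha.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("Invoice.doc", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"Thank you for your payment.")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in flag_executables(build_sample()):
        print(f"{name}: {reason}")
```

Checking the file header as well as the extension matters because the file name in this campaign changes per recipient, so name-based rules alone will not hold.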

In order to avoid falling victim to such malware attacks, experts advise users to avoid clicking on links contained in suspicious emails. Internauts are also advised never to respond to suspicious notifications.

For additional technical details on the spam campaign and the malware that’s being distributed, check out Solutionary’s blog.