14 DAY TRIAL // Internauts receive emails from organizations they know and trust, that later turn out to be an attack launched by someone who took over the senders accounts in an effort to spread malware infections.
Email marketing companies have a very precise role in promoting certain brands or products. But what happens when they become overtaken by cybercriminal forces?
Websense Security Labs encountered a large number of such messages that seemed to genuinely come from large legitimate organizations.
Once the account of a promoter is taken over by the hacker, he will start sending out all sorts of notifications that seem real, in one of the cases a clothing order was sent using the name of an international retailer. This particular attached malware was so menacing that, at the time it was discovered, it wasn't detectable by any commercial anti-virus solution out there.
Because the victim businesses operate both on and off-line the messages might be taken as being genuine by a lot of consumers.
Even though the analysis made by Websense shows that the note truly originates from the legal sender, the fact that it's filled with malicious links gives away it's true identity.
In some cases the hackers take over the involved company's website, flooding it with malware, but mostly they use freshly created domains to spread their malevolent software.
Marketing firms are easy to impersonate, in most situations the attacker getting all the information he needs from newsletters sent to subscribers.
Sometimes things get even worse as the masterminds behind the hits not only obtain email addresses but also other sensitive data that could lead to disastrous results.
I have to agree with the web security researchers when they say that promoters should better protect they virtual assets, finding enhanced protection solutions and setting stronger passwords to protect their clients and their reputation.