Claim to distribute a log file

Jul 8, 2010 14:10 GMT

Security researchers from Sophos have intercepted a spam campaign whose emails masquerade as delivering a requested changelog. The attachment contains a malicious application from the BredoZp family of malware.

The spam emails come with the subject "Your log 05.07.2010". However, since a message received today still carried the same subject, the 05.07.2010 date does not appear to change, suggesting that this campaign started sometime at the beginning of this week.

The content of the emails simply reads "Good morning, as promised your changelog is attached". The "From" field is forged and displays a name that is also used to sign the rogue message, a bit of social engineering that makes the whole scam more believable.

The attachment is called Changelog_05_07_2010.zip and contains a piece of malware detected by Sophos as Mal/BredoZp-B. "Clearly the attachment's filename has been chosen to make the email seem more timely, and the hackers are banking on users who receive the message being inquisitive enough to open the file to see what it is regarding. Once again, that would be a bad decision - don't forget that curiosity killed the cat," Graham Cluley, senior technology consultant at Sophos, advises.

It seems that the practice of using emails to spread malware is again on an increasing trend, after several years in which many cybercriminal gangs favored infected websites and black hat search engine optimization (BHSEO) campaigns. According to a recent report from email and Web security vendor AppRiver, one in ten spam messages distributed during the past six months contained malware.

The company also revealed that most email-borne malware consists of computer trojans. This is consistent with the findings of Spanish antivirus vendor Panda Security, which reports that trojans accounted for 52% of all new malware created in the second quarter of 2010. This is not surprising, since trojans can be used to pull in significant profits from illegal activities such as bank fraud and identity theft.

You can follow the editor on Twitter @lconstantin