Thursday, 27 June 2013

Qantas becomes latest lure for Andromeda malware

Australian airline Qantas has been spoofed by malware operators connected to the Andromeda malware botnet.
Researchers with security firm Trustwave have spotted a series of spam messages claiming to be booking receipts from the airline. The messages inform the user that a flight reservation has been made and a receipt is attached.
When the user attempts to open the file to view the supposed receipt information, the attachment activates and attempts to download a number of additional malware payloads onto the infected system. Among the applications downloaded is a command and control tool which is connected to the Andromeda infection.
Originally discovered in 2011, Andromeda has seen a resurgence in recent weeks as a series of spam campaigns have been connected to the infection.
“Cybercriminals have been actively spamming out Andromeda loaders for the past year. The spam themes vary from flight, courier, tax, hotel, payroll, invoice, social media and among others,” Trustwave said in its report.
“Most of the time the spam campaigns are very legitimate looking. It may be hard to spot whether it’s a malicious email.”
Andromeda is one of a growing number of botnets which have relied on misleading spam messages to infect users. Posing as official notices from large companies or government agencies, the spam messages often threaten penalty or account loss if users don't open the attached payload or follow a link to an attack site.
Experts advise users to be wary of any claimed official notices or notifications that arrive as unsolicited emails. Users who are unsure about the nature of a notice are advised not to open attachments or links and instead contact a customer service representative.
