by Barracuda Labs
Weddings are joyous affairs, happy occasions for celebration. When friends find a soulmate and announce their intentions to the world, it's exciting. We're thrilled for them and we want the details right away.
Well, not so fast.
Barracuda Labs spam honeypots have recently detected spammers sending multiple wedding-themed emails, hoping to catch people with their guard down. The messages can be quite convincing, but there is no “happily ever after” in the malware that is attached to them. If the attached “Wedding Card” is opened, it launches a fake antivirus, SecurityTool. In addition to dropping SecurityTool on the system, the Wedding Card also downloads Trojan.Fitmu.A. This program quietly runs in the background looking for usernames and passwords to steal. In particular, it steals FTP passwords, and stolen FTP passwords are the most common way that sites are hacked.
The spammers are casting a broad net, even targeting users who might be planning their own wedding. Say you are busy trying to arrange a venue, finalize a contract for catering, find music and a photographer, and then receive an email such as this. At first glance, or on a quick scan, it could pass for your legitimate contract (of course, hopefully users will notice if the venue is not one they have been reviewing!). If the attachment is opened, it does not appear to do anything at all. Nothing displays. However, more is going on behind the scenes.
The attachment is actually a Zeus Trojan, a password stealer that specializes in online banking passwords. The traffic here shows the Trojan retrieving its configuration and checking in with its command and control server.
The bottom line? Stay alert, scrutinize emails carefully, and spread the word to your friends and co-workers. Being aware of these spam attacks helps prevent their success.
Barracuda Spam & Virus Firewall, Barracuda Web Filter and Barracuda Web Filtering Service customers are protected from this attack.