Wave of malicious spam targets corporate sales departments

Print Friendly, PDF & Email

By Dave Michmerhuizen – Research Scientist

Sales is a high pressure job, and salespeople today are always scrambling, trying to make the next sale or line up the next order. Spammers are taking advantage of this frenetic workpace by sending out malware-laden emails pretending to be incoming orders.

Here at Barracuda Labs we usually see malicious attachments on a variety of spam types – fake package delivery notices, fake bank security alerts, even fake voicemail messages, but lately the great majority is using this “we wish to place an order” ruse.

 

This sort of malware distribution is a cottage industry with small operators that constantly copy and refine each other's approach, so these come-ons are all slightly different. They are often quite persuasive, with convincing details that are totally false.

 

The attachments on these messages are almost always password stealers and backdoors.

 

These are not particularly sophisticated attacks in terms of how they are deployed.  There is no nefarious javascript here or zero-day vulnerability code.  Just  .ZIP attachments containing executables, usually slightly obscured by the use of multiple dummy extensions (such as document.pdf.exe) or unfamiliar windows extensions (such as .cpl – control panel extension.)  Windows always warns you when  you open such a file and you have to explicitly instruct windows to run the malware by choosing ‘Run'.

 

Since that's the case, these malware distributors put all all of their effort into refining the social engineering they use to make their messages compelling. They hope that the desire to book a new order will overwhelm the little voice that says “don't run that.”

We believe this “new order” spam must be working well for them because of it's widespread use.   Don't be tricked.  The vague wordings of this sort of spam is a big tipoff, and if you see an attachments , just delete the email.  If you're curious, try a phone call.  Pay attention to the little voice.  Don't run anything you recieve in an email.

 

Barracuda Networks customers using the Barracuda Spam and Virus firewall are protected from these emails.

Scroll to top
Tweet
Share
Share