Clickbait is one classic technique we find in news stories all over the internet to induce curiosity or shock among readers, which will result in a clickthrough. It has been deemed as something very effective; even Facebook is announcing plans to cut back on such headlines in the future. Cybercriminals also know this very well, which is why a new email scam utilizing it is out in the wild, starring U.S. presidential candidate Hillary Clinton.
A spam email is being spread recently, which allegedly contains a video clip of Clinton meeting with the leader of the terrorist group ISIS. It contains the subject line "Clinton Deal ISIS Leader caught on Video," which would obviously pique the curiosity of someone who has received the email, especially those in the United States.
The text inside the email states that the presidential candidate was seen exchanging money with the leader, and then tells the recipient "you can decide on who to vote." However, in reality, the message does not contain any video file. Instead, it has a .ZIP file, which according to Symantec, contains a malicious Java file which when opened infects the recipient with a Java remote access Trojan (RAT) dubbed as 'Backdoor.Adwind.' It also has other two .VBS files, which can reportedly detect which antivirus and firewall software the victim is utilizing.
Adwind will then attempt to connect to windows8pc.space, which is its Command and Control (C&C) server. This server is responsible for downloading and executing more malicious files on the victim's computer. According to Symantec's analysis, the Trojan not only can open a back door on the infected machine, but it can also steal information from the victim. It can also reportedly affect not only Windows machines, but Linux, Mac OS X, and Android devices.
With these kinds of attacks going on, we advise readers to become very careful with any email they ever come across with, as they could contain malware and other software that could compromise the computer's safety, as well as the owner's identity. Clickbait emails such as the one mentioned are programmed to be regarded as a 'must-see,' especially for those who are not very familiar with such tactics of spammers and cybercriminals.
Source: Symantec (1), (2) via Graham Cluley
40 Comments - Add comment