Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spam

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this
Malicious attachment contains Adwind cross-platform remote access Trojan. Cybercriminals are using clickbait, promising a video showing Democratic Party presidential nominee Hillary Clinton exchanging money with an ISIS leader, in order to distribute malicious spam emails.

Fig1_1.jpg
Figure 1. Malicious spam using Hillary Clinton as clickbait

The email’s subject announces “Clinton Deal ISIS Leader caught on Video,” however there is no video contained in the email, just malware. Adding to the enticement, the email body also discusses voting, asking recipients to “decide on who to vote [for]” after watching the non-existent clip. The spam email signs off with the name of an unknown group called “Lets Save America” and a #letssaveUSA hashtag. We found references to this hashtag on Twitter in 2013, but it appears unrelated.

Adwind Java RAT
Attached to the email is a .zip file containing a malicious Java file. If executed, the recipient is infected with a Java remote access Trojan (RAT) Symantec detects as Backdoor.Adwind. We also observed two Visual Basic Script (VBS) files dropped by the malware that allow it to determine which antivirus and firewall software may be running on the compromised computer.

Adwind attempts to connect to windows8pc.space, a command and control (C&C) server to download and execute additional files. This server was unresponsive at the time of this publication.

The Adwind RAT is multi-functional and cross-platform, making it possible to infect Windows, Mac, Linux, and Android operating systems.

Unsurprising distribution results
As you would expect, with 85 percent of recipients, the primary target for these malicious spam messages is the United States. We also observed a smaller amount delivered to the United Kingdom, Canada, and Mexico.

Fig2_29.png
Figure 2. Malicious spam distribution

United States election makes for valuable bait
As with most major events, the US election serves as valuable bait for malicious spam activity. With less than 90 days to go until Election Day, we advise everyone to keep an eye out for suspicious emails that may use either presidential candidate, Hillary Clinton or Donald Trump, as bait.

Source:http://www.symantec.com/

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this