After the Facebook “Whitney Houston Autopsy Video”, another spamming campaign has been reported by Trend Micro security experts. The detected malicious activity uses the name of the popular NBA basketball player Jeremy Lin. The New York Knicks star's growing popularity has led cybercriminals to use his name to attract new victims.
The document used in this malicious operation has a very attractive name: “The incredible story of Jeremy Lin the NBA new superstar.doc”. It is actually a Trojan backdoor that exploits a Microsoft Office vulnerability to run the malicious program in the background, then opens a new, clean Microsoft Word document to avoid suspicion.
Analysis of the malware shows that it is able to send the following information to its C&C server:
- Host name
- MAC and IP addresses
- Operating system and language settings
- Campaign code “tb0216” for tracking the attack
Well, this is well-organized malware, as it can select and filter its targets: if I am targeting certain users, I will check their language and use it during the attack. This malware serves as part of the LURID campaign, a previous cyber spamming operation.
The last note in the Trend blog post states that “These attacks demonstrate that even well-known campaigns may continuously run for long periods of time.” and continues: “The attackers continue exploiting newsworthy events in order to lure potential victims into executing malicious email attachments.”