X-Labs
August 18, 2011
Bots resurrected - malicious spam on the rise.
Websense ThreatSeeker® Network has been monitoring an increase in malicious spam activity over the last 28 days, and a recent spike which seems to be spreading quickly and in large amounts begs the suspicion that a spam bot or a bot network is awake.
Some of the message subjects that we've seen include, but are not limited to:
- DELIVERY CONFIRMATION FROM FedEx [Reference Number]:
- FedEx DELIVERY CONFIRMATION [Reference Number]
- Your FEDEX id. [Reference Number]
- Wrong transaction from your credit card in The [Hotel Name]
- Changelog: [Reference Number]
- Re:Fw: Intercompany inv. from [Organization Name] Corp
- From USPS [Reference Number]
- DHL id. [Reference Number]
- DHL ATTENTION [Reference Number]
- Your credit card is blocked
Many of the varied subjects seem to be based around major courier service names such as DHL, UPS, and similar, and bear a resemblance to a receipt confirmation or delivery note. Others are recycled subject lines such as the 'credit card blocked' types mentioned in a previous blog.
Sample messages with attachment:
Websense customers are protected from these threats by ACE, our Advanced Classification Engine.
About Forcepoint
Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.