Malware spread fueled by fear of money loss

Cyber crooks have learned long ago that potential targets respond well to scare tactics, and this the kind of social engineering approach that two recent spam campaigns detected by CA employ.

The first one takes this form:

With subject lines like “$25,122 wire invoice verification” and “Adwords ads have stopped running!”, the criminals try to persuade the targets to download the malicious attachment purporting to be a .doc file holding further details about the potential or near loss of a substantial amount of money.

Those unlucky people who fall for such a scam will actually be downloading an malicious executable that drops a Trojan downloader often associated with the installation of rogue security software into the target’s machine.

Another example of spam trying to take advantage of our fear of losing money is the following:

Trying to scare you into thinking that maybe someone has been misusing your credit card information and making purchases you clearly don’t remember making yourself, the message contains a malicious attachment that the criminals count on you to open in search of more information about this phantom transaction.

The attachment, unfortunately, contains only rogue security software which – if installed – will continue the fear campaign with warnings about infections in order to make you part with your hard-earned money.