We’ve all heard about digitally signed malware, but have you ever been targeted with a digitally signed spam email?
Someone did, and has shared the signature notice with the public:
Just received my 1st-ever digitally signed piece of spam. The ribbon is bound to entice someone 2 click on the email pic.twitter.com/470TpdaPDE
— Robert (Роберт) (@RobertIdAu) November 9, 2015
The victim is unaware that any of this has happened, and is instead shown a decoy PDF file meant to reassure him or her that nothing out of the ordinary took place.
“How was that mail sent out? There’s no sure way of telling – it’s possible the company is compromised (by either malware or an attacker), there’s no SPF record, the certificate has been stolen (unlikely but not impossible), …. Most likely, a machine is infected by a spambot,” says Blaze.
“Note that with PEC (Posta elettronica certificata), a user can send a signed message even when the mailserver is not compromised. PEC means the server signs a message to ensure timestamp and sender, not content.”
The content of the email points to the target being a company employee, most likely someone in the accounting department. My bet is that this particular spam campaign was set up to ultimately give the attackers access to company funds.