Margaret Thatcher's Death Sparks Malicious Emails
As they often do, cybercriminals are drawing on the day's news to lead victims to malware.
Researchers at San Diego's Websense Security Labs came across an email with a Web link to what promised to be a news article about former British Prime Minister Margaret Thatcher, whose death Monday (April 8) put her back in the headlines.
But instead of leading to a news site, the malicious link takes the reader to a corrupted Web page that contains the Blackhole exploit kit, a bundle of malware designed to infect computers through their Web browsers.
In a feeble attempt to further convince potential victims that the link is safe, the subject of such emails often begins with a "Fwd:" or "Re:" prefix to make the message appear as if it's part of an ongoing conversation with a friend or other trusted contact.
In this case, the subject line reads "Fwd: Re: Kissinger: Thatcher's Strong Beliefs" and contains a nearly identical link inside.
In Websense's test, the Blackhole exploit kit installed the Cridex Trojan, known for cracking CAPTCHA codes. Other computers with different browsers and browser plug-ins might have been infected with different malware.
The Thatcher email campaign is just the latest in a long, ever-evolving strategy to infect users via drive-by downloads, which attack computers as soon as a Web browser lands on a corrupted site.
Previous iterations of malicious emails cited by Websense have used subject lines like "Living Large in Don Draper's New York" and "War with N. Korea."
If you receive an email message from someone you don't know, don't open the links inside without checking to see where they lead first.
Hover your mouse over the link in question, and your browser should display the link's true destination, usually next to the mouse or in a corner of the browser window.
If the link seems suspicious or goes somewhere other than where it claims to, don't click on it.
Cybercriminals also have ways of impersonating trusted sources. Email "from" fields can be "spoofed" to make it seem that the messages come from friends, and many cybercrooks dress up emails to look like official communications from major brands or government agencies.
Looking at the sender email address, instead of the display name, almost always reveals if the sender is who he or she claims to be. (Once again, hovering over the displayed text will reveal the link underneath.)
To Internet veterans, these tactics might seem rudimentary. But criminals use them because they work.
By paying attention to details and treating all links with skepticism, users can avoid many of the pitfalls that lead to malware infections.