NEWS FROM THE LAB - Friday, March 13, 2009

Malicious spam run. Again and again and again... Posted by Patrik @ 16:37 GMT

The type of spam runs we saw late last year (Obama and BofA) are starting to pick up again in volume. We've seen Classmates being used as a theme and two days ago it was fake Facebook messages. Today it's back to fake Bank of America certificates.

Fake BofA site

As in all previous spam runs it leads to a site prompting you to download a fake Adobe Flash player. This malware steals confidential information and sends it to a web server. In previous attacks this server was in the Ukraine but it has now been moved to Hong Kong. If you see network traffic to the IP address, it's a bad sign.