Spam Campaign Plays On User Fear Over Heartbleed
Heartbleed spam campaigns are growing. Symantec warns of a new spam campaign that takes advantage of users' fear of Heartbleed.
Attackers are actively leveraging the Heartbleed vulnerability as part of spam campaigns and security specialist Symantec is warning about the dangers of the latest spam campaign, which plays on users' fear of Heartbleed by masquerading as an attempt to help users secure themselves from the security flaw.
The Heartbleed encryption flaw, publicly disclosed April 7, is technically identified as CVE-2014-0160 and referred to as a "Transport Layer Security (TLS) Heartbeat read overrun" vulnerability. The Heartbleed flaw affects the open-source OpenSSL cryptographic library, which is widely used on servers and end-user devices for Secure Sockets Layer (SSL) encryption.
The new Heartbleed spam campaign is not the first spam campaign that takes advantage of the Heartbleed bug, Symantec Security Response Manager Satnam Narang told eWEEK. "However, this may be the first spam campaign that has a fake and malicious removal tool as an attachment," he said.
The new Heartbleed spam campaign includes malware that Symantec identifies as Trojan.Dropper and Infostealer. The malware included in the new Heartbleed spam campaign has been known to Symantec for years and existing antivirus technology is already able to detect and block the exploits. The spam campaign includes the malware as an attachment titled "heartbleedbugremovaltool.exe."
Symantec is currently only seeing a small volume of this particular spam campaign targeting users, Narang said. "However, this could be more widespread in the wild," he said.