Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and turned the furor surrounding Heartbleed into lure for a spam attack.
Figure 1. Heartbleed spam
The spammed mail is a simple-looking one, as far as spam goes. The body is plain text, notifying the user about the ‘big security concern on the internet’ that is Heartbleed and gives advice as well as a link to an alleged CNN report about the matter. The spam purports itself to be from an individual named ‘Dexter’ who appears to reside in Riyadh, Saudi Arabia.
The link doesn’t lead to the CNN website at all, or any website in its domain. As with all spammed links, it leads to a different URL that, as of this moment, seems to have been taken down or rendered inaccessible. Of course, it’s a good bet that it was malicious in the first place.
Cybercriminals are ready and willing to use all newsworthy topics for their social engineering schemes, including big security incidents/advisories. With the Heartbleed Bug being as big and as serious a security issue can get – not only does it affect some of the most popular websites on the Web today, but can also strike from mobile apps as well – users need to anticipate that threats may strike in a way that they never really expect.
Always be vigilant, alert and skeptical – especially when it comes to what you get in your e-mail. It may be a spammed mail you’re looking at. Clicking links in email is generally not a good idea; it’s more secure to go directly to the relevant site instead.
Trend Micro customers are of course defended against this particular attack, with the spammed mail and the URL blocked.
As for Heartbleed itself, we’ve released some tools you can use to protect yourself against this threat – namely our Trend Micro Heartbleed Detector App for Android (which notifies you of vulnerable apps and uninstalls them for you) and our Trend Micro OpenSSL Heartbleed Scanner App for Chrome (which checks specific sites for Heartbleed vulnerability). We’ve also got our Trend Micro Heartbleed Detector Website if you wish to use that instead.