• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Bad Sites   »   Cybercriminals Take Advantage Of Heartbleed With Spam

Cybercriminals Take Advantage Of Heartbleed With Spam

  • Posted on:April 23, 2014 at 8:49 am
  • Posted in:Bad Sites, Spam
  • Author:
    Fjordan Allego (Anti-Spam Research Engineer)
0

Since news about Heartbleed broke out earlier this month, the Internet has been full of updates, opinions and details about the vulnerability, with personalities ranging from security experts to celebrities talking about it. Being as opportunistic as they are, cybercriminals have taken notice of this and turned the furor surrounding Heartbleed into lure for a spam attack.

Figure 1. Heartbleed spam

The spammed mail is a simple-looking one, as far as spam goes. The body is plain text, notifying the user about the ‘big security concern on the internet’ that is Heartbleed and gives advice as well as a link to an alleged CNN report about the matter. The spam purports itself to be from an individual named ‘Dexter’ who appears to reside in Riyadh, Saudi Arabia.

The link doesn’t lead to the CNN website at all, or any website in its domain. As with all spammed links, it leads to a different URL that, as of this moment, seems to have been taken down or rendered inaccessible. Of course, it’s a good bet that it was malicious in the first place.

Cybercriminals are ready and willing to use all newsworthy topics for their social engineering schemes, including big security incidents/advisories. With the Heartbleed Bug being as big and as serious a security issue can get – not only does it affect some of the most popular websites on the Web today, but can also strike from mobile apps as well – users need to anticipate that threats may strike in a way that they never really expect.

Always be vigilant, alert and skeptical – especially when it comes to what you get in your e-mail. It may be a spammed mail you’re looking at. Clicking links in email is generally not a good idea; it’s more secure to go directly to the relevant site instead.

Trend Micro customers are of course defended against this particular attack, with the spammed mail and the URL blocked.

As for Heartbleed itself, we’ve released some tools you can use to protect yourself against this threat – namely our Trend Micro Heartbleed Detector App for Android (which notifies you of vulnerable apps and uninstalls them for you) and our Trend Micro OpenSSL Heartbleed Scanner App for Chrome (which checks specific sites for Heartbleed vulnerability). We’ve also got our Trend Micro Heartbleed Detector Website if you wish to use that instead.

Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits
  • August Patch Tuesday Fixes Critical IE, Important Windows Vulnerabilities Exploited in the Wild
  • Water Nue Phishing Campaign Targets C-Suite’s Office 365 Accounts

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.