Symantec: Phishers pump out Heartbleed attacks

Symantec has recently detected phishing emails that exploit news of the Heartbleed bug: the phisher poses as a US military insurance service and uses a message about the bug to gather information.

The Heartbleed bug is a recently discovered security vulnerability affecting OpenSSL versions 1.0.1 to 1.0.1f.

This vulnerability was fixed in OpenSSL 1.0.1g. Symantec’s security advisory gives more details on the bug and offers remediation steps.

Spammers and phishers are known to use trending news and popular topics to disguise their payloads.

In the case of phishing emails, phishers often cite security concerns to legitimize and disguise their social engineering methods.

The payloads of these emails attempt to compel the messages’ recipients into divulging sensitive information.

In this case, the phishers send the following email:

There are several interesting attributes of this example which should be pointed out.

According to the X-Mailer header, the sender is using a very old mail client (Microsoft Outlook Express 6.00.2600.0000). Although there are plenty of users still utilizing old email software, it is highly unlikely that a modern online business would be using a desktop mail client to send out security notifications.

Notice the unusual grammar with the usage of “has initiate”. Often, phishers will attempt to quickly capitalize on a new topic.

In doing so, they will usually make grammatical errors due to the pressures of sending out a new phishing campaign as soon as possible. Also, phishing emails are often sent by people who don’t speak English as their first language.

Additionally, the phishing email purports to be a security alert from a reputable US military insurance service but contains a “Sign In” page that actually points to a compromised Turkish manufacturing site.

Although this is not an exhaustive list of identifying factors for phishing emails, it highlights some of the irregularities and inconsistencies often seen in phishing campaigns.
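The header and link irregularities described above can be checked mechanically. The following Python sketch is an added example, not Symantec's detection logic; the sample message is constructed, and every address and domain in it is a placeholder.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; every address and domain is a placeholder.
SAMPLE = '''From: "Member Security" <alerts@insurer.example>
To: member@mail.example
Subject: Security alert: Heartbleed bug
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>We has initiate a security upgrade for the Heartbleed bug.</p>
<p><a href="http://www.manufacturer.example/login/">Sign In</a></p></body></html>
'''

LEGACY_MAILER = re.compile(r"Outlook Express", re.I)  # client named in the article

class LinkHosts(HTMLParser):
    """Collect the hostname of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlparse(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def phishing_indicators(raw):
    """Return a list of indicator strings found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    if LEGACY_MAILER.search(msg.get("X-Mailer", "")):
        findings.append("legacy-mailer")
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for host in links.hosts:
        # Flag links whose host is neither the From: domain nor a subdomain of it.
        if sender and host != sender and not host.endswith("." + sender):
            findings.append("link-domain-mismatch:" + host)
    return findings

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

Both checks are heuristics for triage: the From: domain can itself be forged, and legitimate mail often links to third-party hosts, so a finding calls for review and is not a verdict.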

As detailed in the official Symantec Heartbleed Advisory, Symantec warns users to be cautious of any email that requests new or updated personal information.

Users should not click on any password reset or software update links in these messages. If users need to update or change their personal information, it is best to do so by directly visiting the website.

By Binny Kuriakose – Symantec
