Spam never gets tired. There was a peak in spam campaigns during the winter holidays but apparently we are not going to see the end of them any time soon. Fraudsters are constantly attempting new ways, and often involve social media to draw as many users as possible.
A brand new spam campaign detected by Comodo researchers is currently targeting Facebook users.
Because this campaign resembles a lot the one that targeted WhatsApp not long ago, researchers believe it’s another effort by the same spammers.
How does the Facebook-themed spam campaign work?
Like we said, the campaign doesn’t differ much from the one that was aimed at WhatsApp users and was spreading the Nivdort Trojan.
Learn More about the WhatsApp-themed Spam
Spammers are again sending fake email messages that imitate official notifications, this time from Facebook. Those emails are reported to contain audio messages. Similar to the WhatsApp spam scam, the emails are tricking users into believing they have received a legitimate voice message.
Spam emails may have a subject line like the following:
- You have obtained a voice notification;
- An audio memo was missed;
- A brief audio recording has been delivered;
- A short vocal recording was obtained;
- A sound announcement has been received;
- You have a video announcement;
- A brief video note got delivered;
- You’ve recently got a vocal message.
Not surprisingly, the payload of the spam operation is Nivdort – the same Trojan that was distributed in the WhatsApp-themed campaign. The Trojan is contained within the email attachment. Once executed, Nivdort will automatically replicate itself into C:\ directory. Then, it will add a Windows Registry entry will run automatically upon restart or shut down of the PC.
Additionally, Nivdort modifies the Windows Hosts file and prevents users from accessing websites of anti-virus companies. The Trojan also attempts to disable the Firewall notifications from the Windows Security Center.
As pointed out by the Comodo research theme, phishing may not be the most groundbreaking attack but it’s definitely one proven to be very effective.