F-Secure’s researchers have reported that their customers in Italy and Spain have been victims of spam e-mail campaigns initiated to spread ransomware. The spam was disguised as e-mails sent by a courier service convincing the user that a parcel had to be collected. A link to track the package was also provided within the e-mail. The researchers then performed an investigation and discovered that the link redirected users to Google. However, further examination revealed a malicious scheme based on predefined conditions.
It was noted that the first two URLs pointed to PHP scripts, which are executed on the server side. Researchers then realized that the servers were deciding whether to redirect the potential victim to Google or to a malicious website.
Campaign Targets Italy
It is possible that the spam e-mails were targeting only customers based in Italy, since the messages were written in Italian. Using Freedome, an online privacy and security application, the researchers set their location to Milan and clicked on the link provided in the spam message. The results revealed that if the user was located in Italy, the server would ‘decide’ to redirect them to a malicious file stored in the cloud. CryptoLocker and CryptoWall ransomware were likely to attack victims if the files were executed.
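The comparison the researchers made by hand (the same link opened from a default location and from Milan) can also be run over recorded redirect results to surface location-dependent links. The following is an added example, not code from F-Secure or the original article; the observation records, the placeholder hosts and the function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (vantage country, link from the e-mail, final URL
# after following redirects). Hosts under ".example" are placeholders.
OBSERVATIONS = [
    ("FI", "http://tracking.example/track.php?id=1", "https://www.google.com/"),
    ("US", "http://tracking.example/track.php?id=1", "https://www.google.com/"),
    ("IT", "http://tracking.example/track.php?id=1", "https://cloud-storage.example/parcel.zip"),
    ("IT", "http://news.example/story", "https://news.example/story"),
    ("FI", "http://news.example/story", "https://news.example/story"),
]


def host(url):
    """Lower-cased hostname of a URL ('' if it has none)."""
    return (urlsplit(url).hostname or "").lower()


def find_geo_cloaking(observations):
    """Return {link: {final_host: [countries]}} for links whose final host
    differs depending on where the request came from."""
    by_link = defaultdict(lambda: defaultdict(set))
    for country, link, final_url in observations:
        by_link[link][host(final_url)].add(country)
    return {
        link: {h: sorted(countries) for h, countries in finals.items()}
        for link, finals in by_link.items()
        if len(finals) > 1  # more than one destination for the same link
    }


def minority_destinations(finals):
    """Hosts served to the fewest vantage points. Heuristic: in a targeted
    campaign the payload host is the one only the targeted country sees."""
    fewest = min(len(countries) for countries in finals.values())
    return sorted(h for h, countries in finals.items() if len(countries) == fewest)


if __name__ == "__main__":
    for link, finals in find_geo_cloaking(OBSERVATIONS).items():
        print(link)
        for h, countries in finals.items():
            print(f"  {h:<24} seen from {', '.join(countries)}")
        print("  review first:", ", ".join(minority_destinations(finals)))
```

Legitimate sites also send visitors to country-specific hosts, so a flagged link is a lead for triage rather than a verdict.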
Similar Scheme Found in Spain
The company found a similar spam campaign targeted at Spanish users. However, the Spanish version was a bit more sophisticated, presenting a CAPTCHA code to lend it an air of authenticity.
Luckily, the reported malicious operations do not use exploit kits, just the classical social engineering tricks.
Furthermore, F-Secure customers can relax since the company blocked all URLs and detected the malicious files.