Where to Buy Trend Micro Products

For Home

For Small Business

1-888-762-8736
(M-F 8:00am-5:00pm CST)

For Enterprise

1-877-218-7353
(M-F 8:00am-5:00pm CST)

Not in the United States?
Select the country/language of your choice:

Asia Pacific Region

Europe

The Americas

Not in the United States?
Select the country/language of your choice:

Asia/Pacific

Europe

America

Login

For Home

For Business

For Partners

Threat Encyclopedia

Heartbleed Bug Spreads in Spam

ANALYSIS BY

Fjordan Allego


Following the discovery of Heartbleed OpenSSL vulnerability, some sites resorted to telling the Internet population to be wary of any of their online accounts. Since the Heartbeat Extension, the OpenSSL extension first introduced in late 2011, is being used by many websites and software, abuse of the vulnerability can make private information viewable. Data such as user names, passwords, and credit card details may become easily available to attackers who successfully exploit the vulnerability. Some sites advised their users to update or change user names and passwords. Affected websites and software were told to upgrade their OpenSSL version to 1.0.1g.

While everyone is busy spreading the news to would-be victims, spammers are also using the vulnerability to spread malicious threats – one of which is through spam. Our investigation revealed a warning notification that ask users to update their banking passwords. This spammed message directs users to a supposed report delivered by CNN. The link embedded in the message redirects somewhere outside CNN.

Trend Micro product users are protected from spam that use social engineering tricks such as this spam. As a reminder, get your news updates from trusted news sites. Any change in user name and password should be confirmed first from the official website where your online account is tied to.

SPAM BLOCKING DATE / TIME: 14 Apr 2014 10:00:00 PM GMT-8
TMASE INFO

  • ENGINE:7.5
  • PATTERN:0632

Featured Stories

Connect with us on