Analysis by: Fjordan Allego

Following the discovery of the Heartbleed OpenSSL vulnerability, some sites resorted to telling the Internet population to be wary of any of their online accounts. Because the Heartbeat Extension, an OpenSSL extension first introduced in late 2011, is used by many websites and software, abuse of the vulnerability can make private information viewable. Data such as user names, passwords, and credit card details may become easily available to attackers who successfully exploit the vulnerability. Some sites advised their users to update or change user names and passwords. Affected websites and software were told to upgrade their OpenSSL version to 1.0.1g.

While everyone is busy spreading the news to would-be victims, spammers are also using the vulnerability as a lure to spread malicious threats, one of which arrives as spam. Our investigation revealed a warning notification that asks users to update their banking passwords. This spammed message directs users to a supposed report delivered by CNN. The link embedded in the message redirects somewhere outside CNN.

Trend Micro product users are protected from spam that uses social engineering tricks such as this one. As a reminder, get your news updates from trusted news sites. Any change in user name and password should first be confirmed on the official website to which your online account is tied.

SPAM BLOCKING DATE / TIME: April 14, 2014 GMT-8
TMASE INFO
  • ENGINE: 7.5
  • PATTERN: 0632