ThreatTrack Security researchers recently came across a spam campaign with a simple message -- the subject line is "Fwd: Re: War with N. Korea," and the message reads, "Hi, bad news. War with N. Korea."
Click on the link in the e-mail, though, and you'll be taken to a site that leverages the Blackhole exploit kit to deliver the Cridex malware.
According to the Microsoft Malware Protection Center, the malware is designed to capture login credentials for a variety of specific Web sites, including Facebook, Twitter, Blogger.com, Flickr, Livejournal.com, BankofAmerica.com, Chase.com, Citibank.com, WellsFargo.com and others.
"If you’re curious about how things are shaping over in Korea, visit verified news sources that you know and trust -- clicking random links in emails has never been a good idea, and given some of the payloads floating around right now it’s most definitely something to be avoided," writes ThreatTrack's Christopher Boyd.
According to Boyd, the spam campaign also uses a variety of other subject lines, including "Re: Bank of America bankruptcy," "Re: Fwd: Tax havens busted," "Re: M&I Bank bankruptcy," "Re: Fwd: Shedding light on 'dark matter,'" and "Fwd: Re: First Citizens Bank bankruptcy."