In a blog post titled “Benefits of your BlackBerry ID in this attached malware”, Websense Security Labs has elaborated on its recent, rather worrying find. The Websense ThreatSeeker Network has intercepted a malware campaign aimed at BlackBerry users. The campaign runs through fake e-mails stating that the recipient has successfully created a BlackBerry ID. The e-mail adds that to enjoy the full benefits of the BlackBerry ID, the recipient should follow the instructions given in the attached file. Clearly, this is done to trick the user into running the malicious file.
The malware e-mail
The malware-laden e-mail is a copy of a genuine e-mail from BlackBerry. The post adds, “And though the attachment indeed raises suspicion, there's no malicious or compromised URL in it. 17/36 AV engines identify the malware in VirusTotal”. ThreatScope analysis, which is part of the Websense CSI service, revealed that once the attachment is run, it drops other executable files and modifies the system registry. The malware programs then start automatically when the system restarts.
In one of its other blog posts, Websense Security Labs discussed the menace of the Nigerian email scam. The Nigerian email scam – also known as the 419 scam, a reference to the article of the Nigerian Criminal Code that such activities violate – is so common by now that it is identifiable at first look. Yet such scams continue to dupe unsuspecting people into financial losses amounting to millions of dollars, disrupting their lives. Examples of such scam e-mails are countless, so much so that the scam has retained its place on the list of top ten internet/email scams for 2012.
To quote an example, the post by Websense cites a particular e-mail, which is quite ironic in its disposition. The e-mail even contains a thing or two about how you should “stop dealing with those people that are contacting you and telling you that your fund is with them, it is not in anyway with them”, and how “they are only taking advantage of you and they will dry you up until you have nothing”.
The post on the Nigerian email scam also refers to scambaiters, who, it says, “pose as potential victims and lead scammers in a merry dance. Some pretend to misunderstand the scammer's instructions, leading to repeated communications from increasingly frustrated scammers, while others send receipts for non-existent airline tickets to prove they are on their way to Africa with the money. Their only concern now is recognizing their contact at the airport arrivals hall. ‘Could you kindly send a photo of yourself holding a sign with my name [insert name with humorous or indelicate double meaning] to ensure we are able to meet?’ They can and they do”.