Google-redirected malware spams in new format

Filed Under: Malware, SophosLabs, Spam

Since the last blog entry about Google-redirected malware, the spam campaign has not varied for some time. For those who have not seen this particular spam campaign, the Google-redirected links have the form of

    http://www.google.com/some_stringhttp://malicious_site_link

Any user who clicked on such a link, thinking it was safe, would end up at the malicious site.
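A mail filter can check for this link shape directly. The following is an added example, not Sophos code: it flags links on a trusted redirector host that carry a second, off-site URL in the path or query. The host list, function names, and sample message are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

REDIRECTOR_SUFFIXES = ("google.com",)  # assumption: hosts users trust at a glance
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
EMBEDDED_RE = re.compile(r"https?://[^\s&#]+", re.I)

# Constructed sample message body, not taken from a real spam sample.
SAMPLE_BODY = """Delivery failed, details:
http://www.google.com/some_stringhttp://malicious_site_link
Docs: http://www.google.com/some_string?x=http%253A%252F%252Fbad.example%252Fv
Search: http://www.google.com/search?q=sophos
"""

def _host_matches(host, suffixes):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def _decode(text, rounds=3):
    # The target may be percent-encoded more than once; decode until stable.
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def embedded_destination(url):
    """Return the off-site URL carried inside a redirector link, or None."""
    try:
        parts = urlsplit(url)
        if not _host_matches(parts.hostname, REDIRECTOR_SUFFIXES):
            return None
        tail = _decode(" ".join((parts.path, parts.query, parts.fragment)))
        for match in EMBEDDED_RE.finditer(tail):
            if not _host_matches(urlsplit(match.group(0)).hostname, REDIRECTOR_SUFFIXES):
                return match.group(0)
    except ValueError:  # malformed URL text in the message
        pass
    return None

def flag_redirect_links(body):
    """Map each suspicious link in a message body to its real destination."""
    hits = {}
    for url in URL_RE.findall(body):
        dest = embedded_destination(url)
        if dest:
            hits[url] = dest
    return hits
```

Running `flag_redirect_links(SAMPLE_BODY)` reports the first two links with their real destinations and leaves the ordinary search link alone.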

Today we noticed a new wave of these spam messages without the "celebrity/neighbour video" theme. Here is one of the new samples:

[Image: Google redirected malware spam v4]

This latest spam message has a similar look and feel as the still-ongoing campaign from a month ago, as shown below:

[Image: Google redirected malware spam v2]

The latest spam messages contain various email subjects, with many masquerading as mail delivery errors, challenge/response requests, or conversational messages. Here is a partial list of subject headers we've seen:

[Image: Email subjects of the latest Google redirected malware spam]

Aside from the normal-looking message subjects, there are a few bizarre ones, such as "Submit a virus sample", "Proof of concept", "Virus sample", and "Spam". It is as though the malware authors are taunting users to click on the link to see what would happen. Curiosity in this case would have dire consequences.

Fortunately for Sophos users, our spam solution has been detecting the spam campaign since the early days, even with the latest change. Sophos Anti-Virus has also been effective against this campaign, with the latest malware detected by the Mal/EncPk family of identities.
