Pushdo keeps on pushing…

On Tuesday we saw a large blast of emails containing attachments which were detected as Pushdo. Their strategy this time was to take advantage of many women’s weakness and offer a 50% discount card for shopping. Unfortunately, the place they were offering the discount for was “Victoria Secret’s”, though I assume they meant “Victoria’s Secret”. If the misspelling of the company name wasn’t enough of a red flag, the fact that there was a .zip file attachment, poor grammar and no company branding in the email would hopefully be enough to make you not want to open the file.

Victoria's Secret Spam

Thankfully, we at Sophos were detecting the emails as spam through our SXL technology (real-time lookups), and were detecting the malware itself proactively as well.