Products & Releases

SecureWorks Reports Increased Email Scams

SecureWorks' Counter Threat Unit has seen a general increase in malicious email campaigns trying to infect online users with the Zeus Trojan
December 2, 2009. SecureWorks, one of the leading global security services providers, reports that their research team, the Counter Threat Unit (CTU) has seen an increase in the number of malicious email scams being launched at computer users. CTU security researcher Joe Stewart, who monitors activity from the top spam botnets, said that in the last month he has seen a general increase in malicious email campaigns trying to infect online users with the Zeus Trojan (one of the most pervasive financial-credential stealing Trojan) on the market. One of the recent email campaigns, spamming out the Zeus Trojan via the Cutwail botnet, is made to appear as if it were sent by the CDC. The bogus email asks users to click on a link so they can create a "Vaccination Profile" which is purportedly required by the CDC's "State Vaccination H1N1 Program".

Several of these email scams are not in only sent out in mass but have been very targeted, appearing to come from a person or organization the recipient knows or involving a subject they are familiar with. In the last three weeks, the CTU has also monitored a large increase in the number of email lists being sold on the underground hacker forums, coinciding with the start of the holiday shopping season.

"Online shopping always increases during the holidays and with this comes more criminal activity so consumers need to ensure that they take precautions, whenever they are making online purchases," said Don Jackson, security researcher with the CTU. "We expect to see an array of scams including those involving fake holiday gift cards, coupons, electronic greeting cards, etc. Shoppers need to be on the lookout for any type of suspicious email or online offer."

Security Tips from the Counter Threat Unit for Online Shoppers

1. Be wary of holiday gift cards and holiday coupon offers sent via e-mail-these often have malicious links within the offer which lead to downloads of info-stealing trojans or the hackers try to scam you out of your bank account information. 2. When visiting your favorite online retailer to purchase gifts, be sure to type the actual Web site address of the retailer into your browser. Do not follow links provided by e-mail offers or pop up ads. Many times these are fraudulent sites made to look like the legitimate retail sites. 3. When making online purchases, always use a credit card that limits your fraud liability. Avoid using debit cards to do online purchases when possible so as to limit your personal exposure to any possible fraudulent transactions. 4. When making online purchases, always look at your Web browser for the https (as opposed to http) protocol that proceeds a Web address. The "s" let's you know that the Web site is providing a layer of security for transmitting your personal information over the Internet. 5. Be wary of unsolicited e-mails, even from senders that you know, that include links or attachments. Before clicking on links or attachments, ALWAYS verify that the correspondent sent you the e-mail and enclosed link or attachment. 6. Be wary of e-mails notifying you that your banking certificate or token is out of date and to download a new certificate or token. Before taking any action, verify with your financial institution by calling them on a number that is not provided in the email. 7. Online computer users should avoid using weak or default passwords for any online site.

About SecureWorks SecureWorks is a market leading provider of world-class information security services with over 2,700 clients worldwide spanning North America, Latin America, Europe, the Middle East and the Pacific Rim. Organizations of all sizes, including more than ten percent of the Fortune 500, rely on SecureWorks to protect their assets, improve compliance and reduce costs. The combination of strong client service, award-winning security technology and experienced security professionals makes SecureWorks the premier provider of information security services for any organization. Positioned in the Leader's Quadrant of Gartner's Magic Quadrant for MSSPs, SecureWorks has also won SC Magazine's "Best Managed Security Service" award for 2006, 2007, 2008 & 2009 and has been named to the Inc. 500, Inc. 5000 and the Deloitte lists of fastest-growing companies.