A malicious campaign has been detected that sends blasts of emails disguised as MasterCard updates but carrying an assortment of malicious attachments linked to the Andromeda botnet.
Last week, AppRiver warned of a set of virus campaigns in which “enormous volumes of traffic are sent to data centres”, designed to deliver a new Trojan that targeted Bank of America users.
In its latest detection, AppRiver has continued to track a blast of malicious emails and quarantined over 150 million email messages containing malware attachments in February. “The latest rounds of emails are disguised as MasterCard updates and contain an assortment of malicious files pointing to the Andromeda botnet, a Trojan designed to harvest personal and financial information,” it said.
Troy Gill, senior security analyst at AppRiver, said: “This malware campaign is still going strong, but the technique is nothing new. The malware distributors are sending large blasts of emails with varying premises. Attached to each message is a file that poses as one thing but in actuality contains malicious code. The themes of these emails continue to vary.”
If a recipient opens the attachment, it gives the attacker a backdoor onto that machine, through which further malware can be installed, most commonly programs designed to harvest personal and financial information.
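The lure described above relies on an attachment that "poses as one thing" while carrying something else. The following is an added example, not AppRiver's code or anything captured from this campaign, of the check a mail gateway or analyst can apply to a MIME message: pull out each attachment, compare the name it presents with the file type its leading bytes actually indicate, and flag double extensions and executables dressed up as documents. The magic-byte table is deliberately small and the sample message is constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Minimal magic-byte table (assumption: enough for the demo; a real gateway
# would use a full signature library such as libmagic).
SIGNATURES = {
    b"MZ": "exe",                                  # Windows PE image
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",                          # also docx/xlsx/jar
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "doc",    # legacy OLE2 Office files
}

# Extensions a lure would plausibly present, versus ones that actually execute.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "html", "htm"}
EXECUTABLE_EXTENSIONS = {"exe", "scr", "pif", "com", "bat", "cmd", "js", "vbs", "jar"}


def sniff_type(data: bytes) -> str:
    """Identify the real file type from its leading bytes, ignoring the filename."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def classify_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an attachment looks deceptive; an empty list means nothing flagged."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    # "statement.pdf.exe": a document-looking inner extension hiding an executable outer one.
    if len(parts) > 2 and parts[-2] in DOCUMENT_EXTENSIONS and ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"double extension: .{parts[-2]}.{ext}")
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension: .{ext}")
    # The name claims a document but the bytes are a PE image.
    if sniff_type(data) == "exe" and ext not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"content is a PE executable but name claims .{ext or '(none)'}")
    return reasons


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and map each suspicious attachment name to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(filename, payload)
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample_message() -> bytes:
    """Constructed sample lure for the demo; not a message captured from the campaign."""
    msg = EmailMessage()
    msg["From"] = "updates@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "MasterCard account update"
    msg.set_content("Please review the attached update.")
    fake_pe = b"MZ" + b"\x00" * 62  # just the PE header marker, no real code
    # A PE image presented as a PDF, both by name and by declared Content-Type.
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf",
                       filename="MasterCard_update.pdf")
    # The classic double-extension trick.
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="statement.pdf.exe")
    # A benign-looking PDF that should not be flagged.
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf",
                       filename="terms.pdf")
    return bytes(msg)


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(name, "->", "; ".join(reasons))
```

The check is deliberately independent of the declared Content-Type, since the sender controls that header as much as the filename; only the bytes of the payload are trusted. Running the block flags the two disguised attachments and leaves the genuine PDF alone.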
“While some scans of this assortment of malicious files have pointed to the Andromeda botnet or even the [not so recently defunct] Bredo botnet, these Trojans are mostly identified with generic names. In turn some of us here at AppRiver have taken to referring to this botnet activity as TidalWave or TidalBot (due to its enormous ebbs and flows),” Gill said.
“Whether or not this botnet is a completely new build from the ground up or built up from an existing piece, one thing is certain – they have spent some time and effort compiling a large swath of compromised machines to have at their disposal.”