Non-existent Clinton/ISIS video malicious spam bait
Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spam
Malicious attachment contains Adwind cross-platform remote access Trojan.
Cybercriminals are using clickbait, promising a video showing Democratic Party presidential nominee Hillary Clinton exchanging money with an ISIS leader, in order to distribute malicious spam emails.
The email's subject announces “Clinton Deal ISIS Leader caught on Video,” but the email contains no video, only malware. Adding to the enticement, the email body also discusses voting, asking recipients to “decide on who to vote [for]” after watching the non-existent clip. The spam email signs off with the name of an unknown group called “Lets Save America” and a #letssaveUSA hashtag. We found references to this hashtag on Twitter in 2013, but it appears unrelated.
Adwind Java RAT
Attached to the email is a .zip file containing a malicious Java file. If executed, the recipient is infected with a Java remote access Trojan (RAT) Symantec detects as Backdoor.Adwind. We also observed two Visual Basic Script (VBS) files dropped by the malware that allow it to determine which antivirus and firewall software may be running on the compromised computer.
Adwind attempts to connect to windows8pc.space, a command and control (C&C) server, to download and execute additional files. This server was unresponsive at the time of this publication.
The Adwind RAT is multi-functional and cross-platform, making it possible to infect Windows, Mac, Linux, and Android operating systems.
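The delivery method described above (a .zip attachment carrying a Java file) can be checked for at the mail gateway or during triage. The following is an added example, not code from the original post or from Symantec: it parses a raw message, opens each ZIP attachment, and reports members that are Java archives or class files, including a JAR stored under a non-Java file name. The function names, the size cap, and the sample message (file names and contents) are constructed for illustration.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

JAVA_EXT = (".jar", ".class")
MAX_MEMBER = 20 * 1024 * 1024  # assumed size cap so a zip bomb is not unpacked

def is_jar(data: bytes) -> bool:
    """A JAR is a ZIP carrying META-INF/MANIFEST.MF, whatever it is named."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.upper() == "META-INF/MANIFEST.MF" for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def java_in_zip_attachments(raw: bytes) -> list:
    """Return (attachment, member) pairs for Java payloads inside ZIP attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(blob)):
            continue
        with zipfile.ZipFile(io.BytesIO(blob)) as z:
            for info in z.infolist():
                by_name = info.filename.lower().endswith(JAVA_EXT)
                # Encrypted or oversized members are judged by name only.
                readable = not (info.flag_bits & 0x1) and info.file_size <= MAX_MEMBER
                if by_name or (readable and is_jar(z.read(info))):
                    hits.append((part.get_filename(), info.filename))
    return hits

def build_sample() -> bytes:
    """Constructed message: a ZIP attachment holding a harmless, empty JAR."""
    jar, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("video.dat", jar.getvalue())  # JAR hidden behind another extension
        z.writestr("readme.txt", "constructed text file")
    m = EmailMessage()
    m["Subject"] = "Clinton Deal ISIS Leader caught on Video"
    m.set_content("constructed body")
    m.add_attachment(outer.getvalue(), maintype="application",
                     subtype="zip", filename="video.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(java_in_zip_attachments(build_sample()))
```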
Unsurprising distribution results
As you would expect, with 85 percent of recipients, the primary target for these malicious spam messages is the United States. We also observed a smaller amount delivered to the United Kingdom, Canada, and Mexico.
United States election makes for valuable bait
As with most major events, the US election serves as valuable bait for malicious spam activity. With less than 90 days to go until Election Day, we advise everyone to keep an eye out for suspicious emails that may use either presidential candidate, Hillary Clinton or Donald Trump, as bait.
When seeking news related to the US elections, only visit trusted news websites and avoid opening unsolicited emails.
Protection
Symantec Email Security.cloud customers are protected against these malicious spam emails. Symantec and Norton products detect the malware discussed in this blog as Backdoor.Adwind.
Full post with charts: Non-existent video involving Hillary Clinton and ISIS leader used as bait in malicious spam | Symantec Connect Community