Spammers are targeting people concerned about the aftermath of the Heartbleed bug with emails prompting users to unknowingly download malware once they run a Heartbleed bug removal tool.
According to a blog post by Symantec last week, the spam requests users run the tool that is attached to the email to clean their computer from the infection. The email warns users that although they may have changed passwords on websites they use, they are still not completely secure and should run the removal tool to ensure complete protection.
The email preys on users who don’t know much about Heartbleed, and probably only heard about it in the media coverage. Heartbleed is not malware, therefore there is no way for it to infect computers.
Heartbleed impacted OpenSSL version 1.0.1 and could expose up to 64KB of memory to a connected client or server. The issue impacted a range of companies, websites and service providers, and this week The Core Infrastructure Initiative announced that it would prioritize funding to OpenSSL to improve its security.
The subject line, “Looking for Investment Opportunities from Syria,” should raise a red flag for users, since it is in no way related to the body, and is pretty typical language used with spammy emails.
The attached file is a .docx file, but once it is opened it appears as a encrypted zip file. Once the file is extracted, users find the heartbleedbugremovaltool.exe. This downloads a keylogger in the background and a progress bar shows up on screen. A pop-up evenutally appears, notifying the user that Heartbleed was not found on their computer.
DataCenterKnowledge has more on how companies are staying ahead of future Heartbleed-like security vulnerabilities by implementing effective security policies and proactively monitoring across their platforms.
by Nicole Henderson on June 3, 2014