In a new blog post from Ronnie Tokazowski, security researcher, PhishMe, a new phishing scam that employs a shortened Google URL and contains a malicious .zip file that leads to a variant of the Cryptowall ransomware, is discussed.
Key takeouts from the post include:
Updated anti-virus should protect you from this threat, right? In this case, it probably won’t since only a fraction of vendors are picking up on this malware at the time of writing.
By following the bitcoin wallet exchanges, we have been able to successfully tie the bitcoin wallet from above to the earlier cryptowall campaign from the beginning of June. One of the wallets they are using, 1Leo, currently contains a staggering 710 transferred bitcoins, or roughly $415,000 USD. However, one thing worth noting is the last transaction to this address was 7/19/2014, more funds are being transferred to other accounts as of 7/31/2014, there are bitcoins (and money) currently not accounted for.
Using shortened URLs allows attackers to exploit human weaknesses in a number of ways. By making it more difficult to view and analyze the underlying URL, shortened URLs are more likely to be clicked by the busy or distracted employee who won’t take the time to analyze the link. Since many phishing emails aim to elicit an emotional response from the recipient by threatening negative consequences, a frazzled employee may also hastily click on a short link. Shortened URLs also take advantage of the fact that many employees simply may not be aware of how to view the destination of a shortened URL.