Bogus “Heartbleed Bug Removal Tool“ E-mails

At the beginning of April, a serious vulnerability has been discovered in the OpenSSL Cryptography library known as Hearbleed bug. If you didn’t hear about it you can read much more via Symantec detailing.

Software vulnerabilities may come and go, but this bug is more critical as it’s the biggest security threats the Internet has ever seen in the recent history but there are a lot of users who are not aware of its nature. And that’s why they might be victims of the Spam campaigns.

And as we know, the Human element is the weakest link in the information security components and that’s why Spammers are using one of the social engineering ways to target the non-Technical users who don’t have enough knowledge about the Hearbleed Bug.

The researching team of Symantec discovered a spam campaigns targeting users of computers by sending spam emails that are very tricky to let the user open the attached file.

It’s been 1 month since the news about Hearbleed bug broke and you needed to change your passwords for your critical information. Please open attachment to run Heartbleed virus removal tool .

The email is designed in such a way to trick the users by giving the real information of the seriousness of the Hearbleed bug but basically, it contains a fake malware.

Heartbleed Bug 1

Simply, users with less technical knowledge will safely open the Attachment that contains docx file. Once the docx file is opened the user is presented with an encrypted zip file. Once the user extracts the zip file, they will find the malicious heartbleedbugremovaltool.exe file inside.

Heartbleed Bug 2

Once the tool is executed, it downloads a key logger in the background without their knowledge. After a while, a popup message will appear to them to state that Heartbleed bug was not found and that the computer is clean. At that time, key-logger software will record keystrokes, screenshots and sending all the personal information of users to the cyber criminals (Spammers).

Heartbleed Bug 3

To mitigate the risk, we have to avoid potential phishing emails from attackers asking you to update your password – to avoid going to an impersonated website, stick with the official site domain.

Refrences :


Share this info: