Get on-the-go access to the latest insights featured on our Trustworthy Computing blogs.
Our partners at the City of Seattle sent us a warning today about a phishing campaign which targets users very close to home -- specifically, Seattle Washington. They're seeing spam mail circulating that claims to be from Seattle Department of Motor Vehicles, stating that the victim is charged with a traffic offense, and requesting that they fill out a linked form:
Variations of this email are turning up; all of them have similar content and a “check sum” tag line. Only the hyperlink and the time and date of the “offense” changes among iterations of the spam. It's interesting to note that the "Date of Offense" is in European format (DD/MM/YYYY), which is a strange deviation from the date format used in most of the U.S. (MM/DD/YYYY). So far, we’ve seen the hyperlink point to several recently registered domains.
We started seeing reports of this file earlier today, although we were not previously aware of the distribution vehicle until the City of Seattle alerted us about the spam. It's also interesting to note that the doofyonmycolg.ru domain was registered only a few days ago, so this is a new spam campaign.
While this particular campaign is new, Win32/Cridex variants originated around September 2011. As is usually the case, the malware authors attempted to evade detection by updating the malware and altering the hosts that it communicates with. You can read more about Worm:Win32/Cridex.B in the MMPC malware encyclopedia. The best way to remain protected against this type of attack is to:• Keep your security software and Windows security updates current• Teach yourself to recognize and avoid phishing emails and other messagesAlso, note that neither the Seattle Police Department nor Department of Motor Vehicles (DMV) sends tickets by email -- only by “snail mail” (post). The Seattle Police Department published an alert on their site at the following link: http://spdblotter.seattle.gov/2012/01/19/beware-phishy-email-titled-seattle-traffic-ticket/
-- Tareq Saade, Microsoft Security Response Center