I assume you have all read my last article on OpenSSL Heartbleed, a critical bug in OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of an affected server's memory, potentially revealing user data the server never intended to disclose.
The Heartbleed vulnerability made headlines around the world, and my last article explains everything about what is probably the biggest Internet vulnerability in recent history. Still, some readers are not aware of its nature; otherwise they would not have fallen victim to the spam campaigns.
Spammers are quick to profit from every opportunity they get, and this time they are taking advantage of the infamous Heartbleed bug to frighten users into installing "anti-Heartbleed" software on their systems, which is, of course, malware.
Researchers at Symantec have uncovered a spam campaign that sends emails warning recipients that their system may still be “infected” with the Heartbleed bug and asking them to run the Heartbleed bug removal tool (attached to the email, as shown below) to remove the virus from their system.
People with only a little knowledge of the OpenSSL Heartbleed bug may do what the spammers say, even though websites around the world are flooded with Heartbleed articles explaining how it works, how to protect against it, and exactly what it is. Yet many still didn't get it right.
We too explained almost everything about the nature of the bug, and the foremost myth about it is addressed in our top question, which explained that Heartbleed is not a virus or malware; it is a vulnerability in the TLS heartbeat mechanism built into certain versions of the popular open source encryption library OpenSSL. So how could anyone follow the spammers' advice to "clean up" a system and protect it from a Heartbleed infection or malware?
This is unacceptable: it lets cybercriminals target users who lack the technical knowledge to know that the Heartbleed vulnerability is not an infection or malware at all.
> “The spam email uses the social and scare tactics to lure users into opening the attached file,” reads the blog post.
The email tricks users by masquerading as a message from a very popular password management company, with instructions for running the attached removal tool, along with steps to take if the user's antivirus software blocks it.
Users feel safe opening the attachment because it appears to be a .docx file, but once opened it serves the user an encrypted zip file. When the user extracts the zip file's contents, they find a malicious .exe file that presents itself as the Heartbleed bug removal tool.
Once the user runs the .exe file, it downloads a keylogger in the background without their knowledge, while the user is shown a popup with a progress bar. After a while, a message flashes on the screen telling the user that the Heartbleed bug was not found and the computer is clean.
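A defender-side triage check for the attachment chain described above (a supposed .docx that is really a container wrapping a zip that holds an executable), as an added Python example that is not from the article or from Symantec's report; the sample file it builds is constructed, and the file names used are assumptions.

```python
import io
import zipfile

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs")
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
DOCX_MARKERS = ("[Content_Types].xml", "word/document.xml")  # members a real Word package carries

def triage_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return findings for one attachment, descending into zip containers
    (bounded), flagging docx impostors, nested archives, encrypted entries
    and executables."""
    findings = []
    lower = name.lower()
    if depth > 0 and lower.endswith(ARCHIVE_EXTS):
        findings.append(f"archive nested inside attachment: {name}")
    if lower.endswith(EXECUTABLE_EXTS):
        findings.append(f"executable: {name}")
    if data[:2] == b"MZ":  # PE executables start with the MZ signature
        findings.append(f"PE header in {name}")
    if data[:2] != b"PK":  # not a zip container: nothing further to descend into
        if lower.endswith(".docx"):
            findings.append(f"{name} claims .docx but is not a zip container")
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
            if lower.endswith(".docx") and not all(m in names for m in DOCX_MARKERS):
                findings.append(f"{name}: .docx without Word package structure")
            for info in z.infolist():
                if info.flag_bits & 0x1:  # general purpose bit 0: encrypted, cannot be scanned
                    findings.append(f"encrypted entry {info.filename} in {name}")
                    continue
                if depth < 2:
                    findings.extend(triage_attachment(info.filename, z.read(info), depth + 1))
    except zipfile.BadZipFile:
        findings.append(f"{name}: corrupt zip container")
    return findings

def build_fake_docx() -> bytes:
    """Constructed sample (not the campaign's file): a 'document' that is really
    a zip wrapping a second zip that holds an executable stub."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Heartbleed_Removal_Tool.exe", b"MZ" + b"\x00" * 62)
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("removal_tool.zip", inner.getvalue())
    return outer.getvalue()
```

Running `triage_attachment("Heartbleed_Removal_Tool.docx", build_fake_docx())` reports the missing Word package structure, the nested archive, and the executable inside it; a genuine .docx with its package members and no nested executables yields no findings.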
The user may feel relieved to learn that the Heartbleed bug has not affected them, unaware that the keylogger installed in the background is recording keystrokes and screenshots and sending all of their personal information to the cybercriminals.
Users are advised not to click on any link in suspicious messages and to use common sense and knowledge at the right time and place, because security researchers, experts and we here can only give you knowledge about the various vulnerabilities and the measures to get rid of them; the rest is up to you to protect yourself from these kinds of security threats.