and Kaspersky Lab are reporting on an ongoing Japan quake-themed spam campaign that leads to scareware and client-side exploits. Spammed using the Cutwail/Pushdo botnet, the campaign uses an event-based social engineering theme to trick users into clicking on the malicious links.
Upon clicking on the link, the user is exposed to client-side vulnerabilities, ultimately resulting in a scareware variant being dropped. Millions of users continue to click on links in spam emails.
Meanwhile, users are advised to browse the Web in a sandboxed environment, use least-privilege accounts, use NoScript for Firefox, and ensure that they are free of client-side exploitable flaws.