Incident Response, Malware, TDR

Infostealer trojan masquerading as a Heartbleed bug detection tool

Nearly two months have passed since news of the Heartbleed bug went public, but spammers continue to exploit fear of the now infamous OpenSSL vulnerability in order to deliver information-stealing trojans.

In a new, yet familiar spam campaign, emails that claim to come attached with a Heartbleed bug removal tool actually deliver an Infostealer trojan, according to a Tuesday Symantec post, which explains that the trojan logs keystrokes and takes screenshots.

Several clues give the scam away, such as a subject line that is entirely unrelated to the remainder of the email, and how the Heartbleed bug is referred to in the body of the email as a virus that can be removed.

A month ago, researchers with Dell SecureWorks Counter Threat Unit identified a trojan, referred to as HelloBridge, which was masquerading as a Heartbleed bug testing tool.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.