Heartbleed removal scam spies on everything you do
Email claiming to "clean" Heartbleed bug from computers actually installs malicious keylogger and screenshot software
A new scam claiming to be a “removal tool” for the Heartbleed web security vulnerability is targeting unwitting computer users and could steal passwords and online banking details.
The spam email campaign is the latest in a long line attempting to take advantage of major news events, although it is unlikely to fool all but the most gullible of computer users.
The email warns that while users may have changed their passwords in the wake of Heartbleed their computer could still be “infected” with the a bug.
The bogus claim then explains that a Heartbleed bug removal tool, attached to the email, can “clean” the infection from the computer.
According to security firm Symantec the email has the subject line “Looking for Investment Opportunities in Syria”, although the content of the email is about the Heartbleed vulnerability.
“This type of social engineering targets users who may not have enough technical knowledge to know that the Heartbleed bug is not malware and that there is no possibility of it infecting computers,” explained Symantec’s Joseph Graziano.
The email purports to be from a well-known password management company with an attached .docx file containing an encrypted zip file with malicious software inside. Once the heartbleedbugremovealtool.exe file has been executed a pop-up message with progress bar appears explaining that the computer is clean and no “bug” has been found.
The malicious software actually installs a keylogger that records all keystrokes and takes screenshots of an infected computer before sending this confidential information to the scammers.
Symantec has warned people to remain vigilant and never open emails or attachments they don’t trust. Most antivirus software should detect and block installation of this malicious software.