“Heartbleed” is the vulnerability that affected websites across the Internet that use OpenSSL (an open-source implementation of the SSL and TLS protocols).
After the vulnerability became famous, cyber-criminals got a chance to use Heartbleed in their spam campaigns. Hackers use these techniques from time to time; the last one we remember is the Malaysian plane spam, in which hackers posted a photo on Facebook that claimed the missing Malaysian airliner MH370 had been found.
Symantec recently uncovered a spam campaign using Heartbleed as a way to scare users into installing malware onto their computers. The email warns users that while they may have done what they can by changing their passwords on the websites they use, their computer may still be “infected” with the Heartbleed bug. The spam requests that the user run the Heartbleed bug removal tool that is attached to the email in order to “clean” their computer from the infection.
Beware of these types of social engineering techniques, which hackers use from time to time. The funniest thing is that Heartbleed is not a virus, so your computer cannot be infected by it; this is purely a spam campaign by hackers to con you in the name of a free anti-Heartbleed tool.
How Does the Spam Email Look?
In a screenshot of the email attachment published by Symantec, there is one line, “Looking for Investment Opportunities from Syria,” which is totally unrelated to the body of the email.
The .doc file contains the attackers' instructions on how to install the malware and unblock it in your antivirus software. Inside the .doc file there is a zip file named “heartbleedbugremvaltool.zip”, which you are prompted to double-click.
Inside the zip file there is an .exe file, heartbleedbugremovaltool.exe, which is the harmful part. After you click the .exe file, a window opens.
The tool runs through a progress display and at the end tells you ‘Heartbleed Bug not found. Your computer is clean,’ which is total trash. In reality it is only going through the motions to convince you that you checked your system with a genuine tool; in the background, your computer is now infected with malware (a keylogger) that sends your every keystroke to the attacker, along with screenshots of your system.
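The nesting described above (document, then zip, then .exe) is something a mail filter or analyst can check for before anyone double-clicks. The following is an added example, not code from Symantec or the original article: it assumes the attachment is a ZIP-based .docx, and the `word/embeddings/` path and the sample bytes are constructed for illustration.

```python
import io
import zipfile

MAX_DEPTH = 4             # stop unpacking runaway nesting (zip bombs)
MAX_MEMBER = 20 * 2**20   # skip members that claim more than 20 MiB

def find_executables(data, name="attachment", depth=0):
    """Return paths of Windows executables inside `data`, unpacking nested ZIPs."""
    if data[:2] == b"MZ":  # DOS/PE header, whatever the file extension says
        return [name]
    # Only ZIP-based containers (.zip, .docx) are opened; legacy OLE .doc is not.
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                continue  # encrypted, unsupported or corrupt member
            hits += find_executables(inner, f"{name}!{info.filename}", depth + 1)
    return hits

def build_sample():
    """Constructed sample: .docx-style container -> embedded zip -> fake 'MZ' stub."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        # 64 harmless bytes that only imitate the start of an executable
        z.writestr("heartbleedbugremovaltool.exe", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        # embedding path is an assumption made for this example
        z.writestr("word/embeddings/heartbleedbugremvaltool.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path in find_executables(build_sample(), "attachment.docx"):
        print("executable inside attachment:", path)
```

An executable found at any depth inside a document attachment is reason enough to quarantine the message.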
What you can do if you have allowed and installed this:
- In case you have downloaded this but didn’t open it, you don’t need to do anything else; just remove it (Shift+Delete).
- If you allowed the file in your antivirus software, don’t log in to anything online from that infected computer. First disconnect it from the Internet > go to your antivirus settings > disallow that file > scan the whole system again.
- If you are still unable to do anything, install a fresh copy of your operating system.
SOURCE: Symantec