The recent “Vodafone” malware campaign targeting Brits went international as several waves of spam loaded with the Gamarue Trojan landed in the Dutch region. Bitdefender Labs expects the MMS campaign to spread to even more countries and languages.
Dutch users are at cyber-gunpoint these days as a dangerous dropper infects them with malware capable of mining sensitive details and sending them to a machine controlled by hackers. The compromised e-mail is camouflaged as a Vodafone archived MMS attachment.
“You have received a picture message from mobile phone number XXX,” reads the message, which is half written in English. When crafting the e-mail, cyber-criminals used obfuscation techniques to help avoid antispam detection.
When curious Dutch users click on the phony MMS, the malware dropper secretly downloads Trojan.Gamarue.E, which damages the system and grabs important data. The Trojan can also download and execute arbitrary files and update itself. Gamarue may also spread to removable drives, so users should be careful when handling confidential data on USB devices.
Bitdefender blocks the spam wave, the malicious dropper and the Trojan that may be installed after clicking the attachments.
Droppers masquerade as legitimate tools and secretly deploy malware on users’ computers. They are usually installed through compromised web sites or infected e-mail attachments. Besides slowing down the system, some can even hijack the computer and give cyber-criminals remote access to the infected system.
In November last year, similar malware infected UK Vodafone clients with the same MMS disguise. This type of malware has also been spreading in Germany in a separate spam campaign that infected users who clicked on a fake hotel reservation.
Tips and tricks:
- When you open e-mails from companies, banks and other services, keep your security radar on, even for popular brands. Scammers often use big companies to trick users into clicking their malicious e-mails.
- Be particularly skeptical when you don’t see your full name written in the e-mail, and stay on guard when opening an e-mail attachment even when it comes from your friends or contacts.
- Install an antivirus solution and keep it updated. It will block not only unsolicited messages that may evade e-mail services’ antispam detection, but also dangerous malware, phishing and fraud. Scan your system regularly to ensure your computer didn’t catch malicious files while you were surfing the Internet.
This article is based on the technical information provided courtesy of Daniel Ichim, Bitdefender Spam Researcher.