Jump to content


Photo

Emails entitled: Our sponsorship


  • Please log in to reply
No replies to this topic

#1 Dave Farrow

Dave Farrow

    PSIRT

  • Moderators
  • 33 posts

Posted 23 July 2015 - 05:52 PM

Around 02:00 PDT on July 21, 2015, evidence began appearing of an email campaign bearing a new virus. At that time, no anti-virus vendors could identify the threat. The virus exhibited a high degree of variability. We have seen it mutate upwards of 1000 times in the wild.

 
Because no anti-virus signatures recognized the threat, with each mutation, a small number of infected emails were delivered prior to the virus being identified and blocked. 
 
An employee at Barracuda received one of these infected emails, inadvertently opened the attachment, and infected one PC with access to a shared corporate mailbox, CudaDrive_Corporate_Support@barracuda.com. The infected machine began sending emails to contacts in that mailbox for several minutes before it was identified and taken offline. 
 
At this time, Barracuda and all major virus vendors have developed and delivered signatures to identify this virus. Up-to-date Barracuda spam filters will block this threat.
 
A relatively small number of people may have received infected emails from this account and we have notified all potential recipients directly.