M86 Security Labs
RSS feed of TRACElabs Blog from M86 Security

Pushdo Spam Campaign Update

 

June 8, 2009

Our spamtraps are receiving yet another Pushdo spam attack today. The campaign is similar to previous ones but uses a "greeting ecards" theme. Here are some details:

The Spam Message:

The message uses the subject line "You've received a greeting ecard" and carries a .ZIP file attachment. The .ZIP archive contains a downloader executable.
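A mail-gateway style check for the message shape described above, as an added example (not M86 or MailMarshal code, and not how SpamCensor works). The function names, the extension list and the sample message are assumptions constructed for illustration; the quarantine decision keys on the executable inside the ZIP rather than the subject, since the theme changes between campaigns.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SUBJECT = "you've received a greeting ecard"      # subject line quoted in the post
EXE_SUFFIXES = (".exe", ".scr", ".pif", ".com")   # assumption: typical Windows executable extensions

def zip_executables(data):
    """Return names of ZIP members that look like Windows executables."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    for info in archive.infolist():
        try:
            with archive.open(info) as member:
                magic = member.read(2)            # PE files start with "MZ"
        except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
            magic = b""                           # encrypted or damaged member: rely on the name
        if magic == b"MZ" or info.filename.lower().endswith(EXE_SUFFIXES):
            hits.append(info.filename)
    return hits

def inspect_message(raw):
    """Parse a raw RFC 5322 message and report on subject and ZIP attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject_match = SUBJECT in str(msg["Subject"] or "").lower()
    executables = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(b"PK"):             # ZIP local file header magic
            executables += zip_executables(payload)
    return {"subject_match": subject_match, "executables": executables,
            "quarantine": bool(executables)}

def build_sample(member_name, member_bytes):
    """Constructed test message: the ecard subject plus a one-file ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member_name, member_bytes)
    msg = EmailMessage()
    msg["Subject"] = "You've received a greeting ecard"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="ecard.zip")
    return msg.as_bytes()
```

Checking the `MZ` magic as well as the extension catches an executable that has been renamed inside the archive.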


The Payload:

Upon execution of the attached file, a GET request attempts to contact unionstrateg.ru and download a scareware installer named "install-1557.exe".


"Privacy Center", a fake antivirus (scareware) product, is then installed after a successful download.

 

MailMarshal customers are protected against these campaigns with SpamCensor version 340. 

 


Last Reviewed: June 8, 2009 by Rodel Mendrez