A pernicious strain of malware has reemerged that claims to offer Edward Snowden’s just-released book to lure in unsuspecting victims.
The malware behind this campaign is called Emotet, which is spread through spam emails.
Snowden, a contractor who leaked highly classified information from the National Security Agency in 2013 when he was doing work for the CIA, just published a personal memoir, “Permanent Record,” about his life and how he helped “build” the “government’s system of mass surveillance,” as described in a blurb of the book on Amazon. It's listed there as a best-selling offering.
Offering the book free as a Word document is tempting bait, according to Malwarebytes. Typical malware hooks involve such things as fake invoices or fake delivery notices, Malwarebytes’ William Tsing told Fox News.
“However, using something like Snowden's book is an interesting approach because many people will be curious to view it, especially if delivered straight into their inbox,” Tsing said.
Emotet is dangerous. “Emotet is behind the largest spam campaign we track due to the size and diversity of its botnet,” Tsing said, referring to a network of computers that send spam.
“Its payload is used as an entry point into systems for additional and more destructive malware specifically targeting organizations that may be held for ransom,” Tsing added.
When a bogus document is opened, a fake message that “Word hasn’t been activated” is displayed. Then you are prompted to enable the content. Once you do this, nothing appears to happen. "However, what users don’t see is the malicious macro code that will execute once they click on the button," according to Malwarebytes.
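The lure described above depends on a Word attachment that carries macro code. As an added example (not from Malwarebytes or the original article), the following Python code shows how a mail filter could flag such attachments before they reach an inbox; the sample message, file names and addresses are constructed, and the function names are hypothetical.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Signature of the legacy OLE2 container used by binary .doc files
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'no-macro' for one attachment body."""
    if data.startswith(OLE_MAGIC):
        # Binary Word files can embed macros; an OLE parser is needed to confirm.
        return "legacy-ole"
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            names = [name.lower() for name in archive.namelist()]
        # OOXML documents keep VBA in a vbaProject.bin part, whatever the
        # file extension claims.
        if any(name.endswith("vbaproject.bin") for name in names):
            return "macro"
    return "no-macro"

def triage(raw_email: bytes) -> list:
    """List (filename, verdict) for every attachment in a raw message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return [(part.get_filename(),
             classify_attachment(part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]

def build_sample_email() -> bytes:
    """Constructed test message: no real malware, only structural markers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("word/document.xml", "<document/>")
        archive.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("The book is in the attachment")
    for name, body in [("book.docm", buf.getvalue()),
                       ("book.doc", OLE_MAGIC + b"\x00" * 16),
                       ("notes.txt", b"plain text notes")]:
        msg.add_attachment(body, maintype="application",
                           subtype="octet-stream", filename=name)
    return bytes(msg)

if __name__ == "__main__":
    for filename, verdict in triage(build_sample_email()):
        print(f"{filename}: {verdict}")
```

A filter built this way would quarantine or strip anything reported as `macro` and send `legacy-ole` files for deeper inspection, since the check above only identifies the container format for those.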
An English-language sample of the spam “honeypot” email is more convincing than garden-variety, broken-English spam.
“First, they spy on us, then they persecute whistleblowers, now they ban books. Freedom? Time to organize collective reading of Snowden book everywhere. … The book is in the attachment” – said one bogus email.
The malicious email templates are in several different languages in order to target different geographic zones, Tsing said.
Always be wary of email containing links, Tsing says.
“Always beware of emails containing attachments or links even if they appear to be from a friend or colleague,” according to Tsing. This is especially true if you’re a business with a network. Tsing says businesses need to “protect endpoints from being compromised and possibly infecting the rest of your network.”
Snowden’s book continues to generate a lot of interest. On Sept. 17, the day the book was published, the Department of Justice filed a civil lawsuit against Snowden, alleging he had violated nondisclosure agreements signed with the government.