Gamarue infects Indian Users

Trend Micro has reported that the hotel booking spam has made its way into Indian users’ inboxes. As per the infection statistics, 1.89% of Indian Internet Users have already been affected.

The email purporting to be in the name of one of the hotels has a similar theme to its English counterpart as it contains confirmation and details on an alleged booking reservation. 

Gamarue is a family of malware that may be distributed by exploit kits, spammed emails or other malware, and has been observed stealing information from an affected user.

One of the Trend Micro’s Managers received at personal email address and he almost fell for it, given that he travels a lot – until he noticed the address of the hotel. It’s too bad the spammers aren’t as good with geography as making spam: the actual Hotel does not exist in India. While he was initially looking forward to attending the hotel, having read the excellent reviews on TripAdvisor, the email made it clear that this was, unfortunately, a scam. Good thing though, the attachment was already flagged and detected by Trend Micro as BKDR_ANDROM.P.

“Online travel and hotel market has become an attractive target for cybercriminals given the large volume of transactions on hotel and online sites. A frequent traveler who has done a hotel booking or checked reviews recently, in all probability, would be prompted to click that mail. When a user clicks the attachment in this spam mail, the malware known as Gamarue becomes active. It can steal from an affected user any information left behind on the emails and saved on user’s system”, said Suchita Vishnoi, Head Corporate Communications, Trend Micro.

27-Nov-2012 09:18:29