Since yesterday, we have been tracking heavy spam runs of fraudulent emails aimed at Italian citizens. These emails notify the recipient that they are the subject of an investigation by a fictitious Italian investigation task force named “CAFF”, which is supposed to be an acronym for “Comando AntiFrode”. The email urges the recipient to check the list of people under investigation by the CAFF (which, again, does not exist but sounds real enough), conveniently located on an external website. On this website, the user is tricked into clicking a link to view the list of people under investigation. If the user’s security settings are low, the site then tries to install its malware without further user intervention. The list, of course, is a lovely piece of malware that we detect as W32/Caffer@MM.
While the malware in this run does not represent anything particularly new, it is interesting to note the high quality of the localized social engineering attempt: we’re afraid that this “quality content” may have tricked numerous local users into visiting the malicious website, then downloading and executing the linked malware. In fact, the language used in this email is carefully chosen, as is the layout of the website, which leads an unsuspecting user to conclude that the webpage is legitimate. Avert Labs is also assisting the Italian authorities in this matter.

To be better prepared and educated against this kind of threat, our readers may also want to download the latest issue of our Sage magazine, which was released today and covers localized threats. Grab a fresh copy now here!
Logging off now,
Paolo
