The latest news making headlines around the world is about the partial shutdown of the US government, which failed to agree on a new budget. Ever quick to take advantage of a situation, cybercriminals have begun to send various spam messages related to the government shutdown. These spam messages have started flowing into the Symantec Probe Network. We have observed that most of the spam samples encourage users to take advantage of clearance sales on cars and trucks. Clicking the included URL will automatically redirect the user to a website containing a bogus offer.
Figure 1. US government shutdown themed spam email
In the messages Symantec has observed, the spammers are using random email headers, which may be an attempt to evade antispam filters. Some of the Subject and From headers used in this latest spam campaign can be easily recognized:
- Subject: Half-off our autos for each day the US Govt is shut down
- Subject: Get half off MSRP on new autos for each day of govt. shut down
- From: [NAME] <shut.down@[REMOVED]>
- From: [NAME] <short.term@[REMOVED]>
- From: [NAME] <very.limited@[REMOVED]>
- From: [NAME] <limited.event@[REMOVED]>
The following pattern was observed in the links contained in the spam emails:
- [DOMAIN NAME]/[RANDOM CHARACTERS]govt-shut[RANDOM DIGITS]do.wn_event[RANDOM DIGITS]
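The indicators listed above can be turned into a simple mail-filter check. The following is an added example, not Symantec's detection logic: it flags a message by the link pattern, the sender local parts and a loose subject match. The function names, the scoring rule, the sample messages and the assumption that the random characters in the link contain no whitespace or "/" are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Link pattern from the post: [DOMAIN]/[RANDOM CHARS]govt-shut[DIGITS]do.wn_event[DIGITS]
# Assumption: the random characters contain no whitespace or "/".
URL_RE = re.compile(r"[\w.-]+\.[a-z]{2,}/[^\s/]*govt-shut\d+do\.wn_event\d+", re.I)
# Sender local parts listed in the post (the domains were redacted there).
LOCAL_PARTS = {"shut.down", "short.term", "very.limited", "limited.event"}
# Loose subject match, because the subject wording differs between samples.
SUBJECT_RE = re.compile(r"half.?off.*\bgovt\b.*shut\s?down", re.I)


def indicators(raw_message):
    """Return the set of campaign indicators found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    hits = set()
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.add("subject")
    _, addr = parseaddr(msg.get("From", ""))
    if addr.rpartition("@")[0].lower() in LOCAL_PARTS:
        hits.add("from")
    body = msg.get_payload()  # a str for single-part mail, a list for multipart
    if isinstance(body, str) and URL_RE.search(body):
        hits.add("url")
    return hits


def is_suspect(raw_message):
    """Hypothetical rule: the link pattern alone, or any two weaker indicators."""
    hits = indicators(raw_message)
    return "url" in hits or len(hits) >= 2


# Constructed sample messages (not real campaign mail; domains are placeholders).
SPAM = ("From: Auto Deals <shut.down@example.com>\n"
        "Subject: Half-off our autos for each day the US Govt is shut down\n\n"
        "See the offer: http://example.net/ab12govt-shut4821do.wn_event77\n")
HAM = ("From: Alice <alice@example.org>\n"
       "Subject: Budget meeting moved\n\n"
       "Agenda: http://example.org/docs/agenda\n")
LOOKALIKE = ("From: Box Office <limited.event@example.com>\n"
             "Subject: Your tickets\n\nSee you there.\n")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM), ("lookalike", LOOKALIKE)):
        print(name, sorted(indicators(raw)), is_suspect(raw))
```

The sender local parts are ordinary words, so a single "from" hit is treated as weak evidence and is not enough to flag a message on its own.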
Symantec advises users to be cautious when handling unsolicited or unexpected emails. Symantec constantly monitors spam attacks to ensure that users are kept up-to-date with information on the latest threats.