A clever spam campaign is underway that pretends to be a WebEx meeting invite and uses a Cisco open redirect that pushes a Remote Access Trojan to the recipient. Using open redirects adds legitimacy to spam URLs and increases the chances that victims will click on a URL.
An open redirect is when a legitimate site allows unauthorized users to create URLs on that site that redirect visitors to any other site they choose. This allows an attacker to use the URL of a well-known and respected company to deliver malware or phishing campaigns.
For example, Google has an open redirect at the URL https://www.google.com/url?q=[url] that can be used by anyone, including attackers, to redirect a visitor through Google's site to another site.
You can see an example of Google's open redirect with the following URL that ultimately redirects you to example.com: https://www.google.com/url?q=https://www.example.com.
By using these types of URLs, attackers can more easily trick victims into clicking on them.
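On the defensive side, a mail filter can flag links whose query string carries an absolute URL pointing at a different site than the link's own host, which is the shape of the Google example above. The following Python sketch is an added example, not code from the article or from any vendor; the function names, the sample message and the two-label `site()` comparison are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def site(host):
    # Simplification (assumption): compare the last two labels only.
    # Production code should use the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def redirect_targets(url, max_decode=3):
    """Return (param, host) pairs for query values that are absolute
    http(s) URLs on a different site than the link itself."""
    try:
        outer = urlsplit(url)
    except ValueError:
        return []
    found = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        for _ in range(max_decode):          # undo repeated percent-encoding
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        value = value.strip()
        if value.startswith("//"):           # scheme-relative target
            value = outer.scheme + ":" + value
        try:
            inner = urlsplit(value)
        except ValueError:
            continue
        if inner.scheme.lower() in ("http", "https") and inner.hostname:
            if site(inner.hostname) != site(outer.hostname or ""):
                found.append((name, inner.hostname.lower()))
    return found

def scan_text(text):
    """Map each link in a message body to its cross-site redirect targets."""
    hits = {}
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;)")             # drop trailing sentence punctuation
        targets = redirect_targets(url)
        if targets:
            hits[url] = targets
    return hits

# Constructed sample body; the first link is the article's own example URL.
SAMPLE = """Join here: https://www.google.com/url?q=https://www.example.com.
Account page: https://www.example.com/login?next=/account
Help: https://www.example.com/r?url=https://help.example.com/"""
```

A hit is a reason to resolve and inspect the final destination, not proof of abuse, since many legitimate services link through redirectors.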
WebEx malspam uses Cisco open redirect
A clever spam campaign discovered by Alex Lanstein is underway that uses a fake WebEx meeting invite to spread the WarZone Remote Access Trojan (RAT).
This malspam campaign pretends to be a WebEx meeting invite that looks almost identical to the real emails sent to participants when a WebEx meeting is created.
Fake WebEx Meeting Email
If you ..