IT Security Blog

03 July 2009

July 4 Spam and Malware Campaign Courtesy of Waledac


As predicted in this month's MX Logic Threat Forecast and Report, cyber criminals have decided to take advantage of the July 4th holiday to send out spam that links to a malware-infected web site.

All of the messages that our Threat Operations Center has observed thus far have July 4th themed subject lines and brief message bodies consisting of only a few words followed by a link, a tactic the Storm/Waledac folks have used many times previously.

Some of the subject lines that we have seen thus far include:

Amazing firework 2009

Amazing Independence Day salute

Amazing Independence Day show

America for You and Me

America the Beautiful

American Independence Day

Bright and joyful Fourth of July

Celebrate Independence

Celebrate the spirit of America

Celebrate with Pride

Celebrating Fourth of July

Celebrating the Glory of our Nation

Celebrating the spirit of our Country

Celebrations have already begun

Fabulous Independence Day firework

Fourth of July Fireworks Shows

God Bless America

Happy Birthday America!

Happy Birthday USA!

Happy Birthday, America!

Happy Fourth of July

Happy Independence Day

Home of the Brave

Independence Day firework broke all records

Let the fireworks begin!

Let's celebrate Independence Day

Light up the sky

Long Live America

Proud to be an American

Sparkling Celebration of Independence Day

Spectacular fireworks show

Stars and Stripes Forever

Super 4th!

The best firework you've ever seen

The best of 4th of July Salute

This Land Is Your Land

Time for Fireworks

Well done 4th!


Traffic so far has been pretty modest, at only about 2,500-3,000 per hour, and is likely being mitigated by the fact that many companies have given their employees July 3rd off this year, since this year's United States Independence Day holiday falls on a Saturday.

Below is a screen shot of a sample message that someone may receive in conjunction with this campaign:




Users who click the link in the email are lured to a site that claims to offer a video of a fireworks show, but what it actually serves is a download of an executable file (video.exe) that, when run, will infect the user's PC. So far, all of the links that our Threat Operations Center has observed have been subdomains of the "moviesfireworks.com" domain; however, our team is on the lookout for more, and this post will be updated as necessary.
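The indicators described in this post (holiday subject line, a few words followed by a link, links under "moviesfireworks.com") can be combined into a mail-filter check. The following is an added example, not MX Logic's own detection logic; the 12-word limit, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

CAMPAIGN_DOMAIN = "moviesfireworks.com"  # domain named in the post
# Four of the subject lines listed in the post, lower-cased (load the full list in practice).
SUBJECTS = {"happy fourth of july", "god bless america", "light up the sky", "super 4th!"}
MAX_BODY_WORDS = 12  # assumption: cut-off for "only a few words followed by a link"
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host_in_campaign(url):
    """True only for the campaign domain or a real subdomain of it."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. bad IPv6 brackets
        return False
    # Compare on a label boundary so look-alike hosts do not match.
    return host == CAMPAIGN_DOMAIN or host.endswith("." + CAMPAIGN_DOMAIN)

def analyze(raw):
    """Return the three signals described in the post plus an overall flag."""
    msg = message_from_string(raw)
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    body = "\n".join(
        (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for part in msg.walk() if part.get_content_type() == "text/plain")
    urls = URL_RE.findall(body)
    words = URL_RE.sub(" ", body).split()
    hits = {
        "subject": subject in SUBJECTS,
        "short_body_link": bool(urls) and len(words) <= MAX_BODY_WORDS,
        "campaign_host": any(host_in_campaign(u) for u in urls),
    }
    # The known host is decisive on its own; subject plus body shape together
    # still catch the lure if the links move to a domain not yet on the list.
    hits["flag"] = hits["campaign_host"] or (hits["subject"] and hits["short_body_link"])
    return hits

SAMPLES = {  # constructed messages, not captured traffic
    "campaign": "Subject: Happy Fourth of July\n\nSee the show\nhttp://constructed.moviesfireworks.com/\n",
    "new_domain": "Subject: Light up the sky\n\nGreat video http://unlisted.example/\n",
    "lookalike": "Subject: Parade photos\n\nPhotos: http://moviesfireworks.com.example.net/a\n",
    "notice": "Subject: Happy Fourth of July\n\n" + "Office closed Friday. " * 10 + "\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, analyze(raw))
```

The subject-plus-shape rule can also match legitimate short holiday greetings that carry a link, so it is better suited to quarantine or review than to silent deletion.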

Below is a screen shot of the fake video web site.






Here's to everyone having a safe, happy, and malware-free July 4th holiday :)




Posted by smasiello at 5:08 PM