In case you missed the basics about the Heartbleed encryption bug that surfaced in mid-April, here is a brief recap: the flaw is not caused by any malware, and any email that tries to persuade you to download an anti-Heartbleed software fix may well have a nefarious agenda.
That is precisely what happened: bad actors took advantage of the situation and created a Trojan that disguises itself as software for removing the Heartbleed “malware” from your computer.
It should be made clear first that Heartbleed is a vulnerability affecting the SSL protocol which is responsible for encrypting our data in transit. The flaw emerged from an accidental coding error in the OpenSSL encryption system a few years ago, and it was only last month that the loophole was discovered.
The impact of Heartbleed on many networks has been so far-reaching that cyber criminals were very quick to come up with their own tactics to target more victims. Security vendor Symantec found that a spam campaign dubbed Trojan.Dropper, masquerading as a fix for Heartbleed (which the emails brand as malware), has been gaining traction, not so much for its sophistication as for the ease with which victims were lured into it.
Here is how it went. Spammers created a fake anti-malware solution that promises to eradicate Heartbleed from your computer. First they alert you via email to purported malware on your computer caused by the Heartbleed bug, when in fact the flaw has nothing to do with any form of malware. Then you are advised to take precautionary measures beyond changing your password by downloading and installing the Heartbleed fix that comes as an attachment. That is the spam.
Users who have little to no knowledge of Heartbleed will certainly fall for the trap. Know that Heartbleed, again, is not malware and has no capability of infecting your computer, since it is only a flaw that affects the OpenSSL protocol. The only way to fix it is to fix the age-old encryption protocol implemented by websites, which is an expensive and time-consuming task. Nevertheless, some big players in the Internet business have already done so at their own expense.
The attachment contains a docx file, so users have the immediate impression that it is safe to open. In reality, when you click on the zip folder within the document, a keylogger executes in the background, and by the time you realize that you have downloaded not a Heartbleed fix but malware, it is too late.
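A mail filter or analyst can check a .docx for this kind of embedded payload before anyone opens it. The following is an added example, not code from Symantec or from the original article; it relies on the fact that a .docx is itself a zip container that stores embedded objects under `word/embeddings/`, and it assumes the campaign's zip was embedded that way (the article does not say). The function names and sample files are constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file (embedded "package")
ZIP_MAGIC = b"PK\x03\x04"                          # local file header of a zip archive
DOS_STUB = b"This program cannot be run in DOS mode"  # text found in most Windows executables
MAX_PART = 20 * 1024 * 1024                        # refuse to inflate oversized parts


def scan_docx(data: bytes) -> list[tuple[str, str]]:
    """Return (part name, finding) pairs for embedded objects in a .docx."""
    try:
        container = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<file>", "not an OOXML (zip) container")]
    findings = []
    with container:
        for info in container.infolist():
            # OOXML keeps embedded objects under word/embeddings/.
            if info.is_dir() or not info.filename.startswith("word/embeddings/"):
                continue
            if info.file_size > MAX_PART:
                findings.append((info.filename, "oversized embedded part, not inspected"))
                continue
            blob = container.read(info)
            # Heuristic: a substring match also sees payloads wrapped in an OLE object.
            if ZIP_MAGIC in blob:
                findings.append((info.filename, "embedded zip archive"))
            elif blob.startswith(b"MZ") or DOS_STUB in blob:
                findings.append((info.filename, "embedded Windows executable"))
            elif blob.startswith(OLE_MAGIC):
                findings.append((info.filename, "embedded OLE object"))
    return findings


def make_docx(parts: dict[str, bytes]) -> bytes:
    """Build a constructed .docx-shaped container in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in parts.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes only.
INNER_ZIP = make_docx({"readme.txt": b"placeholder"})
CLEAN = make_docx({"word/document.xml": b"<w:document/>"})
SUSPECT = make_docx({
    "word/document.xml": b"<w:document/>",
    "word/embeddings/oleObject1.bin": OLE_MAGIC + b"\x00" * 16 + INNER_ZIP,
})

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, scan_docx(sample))
```

Legitimate embedded spreadsheets are also zip files, so a hit is a reason to quarantine and inspect the attachment rather than proof of malware.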