Blog

Abcam is a company that produces and distributes research-grade antibodies and associated products. A seemingly unlikely target company to spoof for a malware campaign, but it's been done now. We see fake emails about court dates, jury summons, missing packages, etc all the time. One thing many of them do is use hosted images on other peoples websites or even the actual business they are spoofing. This allows the malware authors to send out nice html formatted email with pictures hosted using some other persons bandwidth.

In this case, Abcam found out they were the chosen victim company in this case and the emails were using the blue banner hosted on their website. Well when you hot link an image (or really anything) the owner of the site it's hosted on still retains control of what that actually links to. Below is what was being sent out to people with a malicious XLS file attached.

Abcam did make a post about this, but I noticed when I went to go look at some samples we were seeing here (being caught by a virus rule from earlier in the year) that they had changed their banner to try and give a heads up to users receiving the spoofed messages.

I like this idea and believe it's a pretty good move on a companies part to try and give people a heads up the email should not be trusted. With the image loading being live, it means that even if someone received the message hours ago it will still show the new banner warning them when they go to view the message. Though the spoofed messages are in no part the victim companies fault, it's still a nice step to being proactive for people using their name for malicious reasons.