The Heartbleed security vulnerability is now being actively leveraged by attackers as part of spam campaigns. Symantec is warning about the latest Heartbleed spam campaign, which includes a malicious tool that purports to help users secure themselves from Heartbleed.
The Heartbleed security flaw was first publicly disclosed on April 7. It is technically identified as CVE-2014-0160 and referred to as a ‘TLS heartbeat read overrun’ vulnerability. The flaw impacts the open-source OpenSSL cryptographic library, which is widely used on servers and end-user devices for SSL encryption.
Symantec Security Response Manager Satnam Narang told eWEEK that the new Heartbleed spam campaign is not the first spam campaign that takes advantage of the Heartbleed bug.
“However, this may be the first spam campaign that has a fake and malicious removal tool as an attachment,” Narang said.