Beware The Promise Of The ‘Heartbleed Removal Tool’

About two months ago, the Heartbleed bug was the scourge of the internet. Since then, websites have scurried to update and patch the vulnerabilities that could potentially lead to the theft of their users’ data. As Jeremy Kirk of Computer World reports, the Heartbleed name is still being used to strike fear into users only now it’s in association with a phishing scam.

Security firm TrendMicro reports that spam emails are being distributed that promise a “Heartbleed removal tool”. Individuals who have some understanding of what Heartbleed is will understand that it isn’t a virus or malware that can simply be removed. But, others who are familiar with the name ‘Heratbleed’ but unfamiliar with any other details are being fooled.

The attachment to these emails, the supposed removal tool, is actually a keylogger, which is used to record the keystrokes of the user and sends them to the criminal who launched this attack.

Given the apparent misunderstanding of Heartbleed, this scam is already poorly constructed, but it falls apart even more when you consider the content of the email. While the body contains a warning about Heartbleed and urges users to run the attached removal tool, the subject line reads “Looking For Investment Opportunities from Syria”. A more spammy email subject has rarely been written and, of course, the subject and body don’t match.

These characteristics make this particular scam easy to spot for users and spam filters, but criminals trading on the Heartbleed name isn’t likely to stop anytime soon. Be wary of any email, even those purporting to be from legitimate companies, that advises you to protect yourself from Heartbleed. Don’t follow links in those emails and don’t download the attachments.

If your computer is infected by malware, Geek Rescue is here to help. Call us at 918-369-4335.