VERY IMPORTANT

In November, FortiGuard Labs uncovered a spam campaign that included a tsunami alert for Japanese citizens. The spam e-mails contained a fake link to the Japan Meteorological Agency (JMA), which when clicked downloaded the Smoke Loader trojan. After monitoring the fake site, we found that the link for downloading Smoke Loader was replaced at the end of November by a new link that deployed another high performance trojan, AZORult, that harvests and exfiltrates data from compromised systems.