Researchers from M86 Security Labs have observed the Cutwail/Pushdo botnet reportedly executing one spam campaign that has different topics like Automated Clearing House, orders for airline tickets, scanned document, or Facebook notification.
Although there aren't any malware attachments in the mentioned spam mails, M86 states that the malicious payload gets launched through web-links that take onto sites, which host the malware.
In addition within Facebook, the payload is served through web-links like 'See all Requests' or 'Confirmation of Friend Request,' which on clicking, leads the user onto a malware-hosted site.
...
