Trend Micro researchers found over 200 email samples that spamvertised male sexual enhancement pills. These bore subjects like “Re: Go wild in bedroom,” “Re: Let your lever straight up,” and “Re: Be her concrete-rod satisfier” and contains a URL that points to all-too-familiar Canadian pharmacy websites.

While spammed messages that lead to Canadian pharma sites are not new, there are notable things in this particular spam run. For one, it employed random messages in the email content to avoid spam filters. The spammers also put “Re:” in the subject to make it appear as though it was a reply of sorts. In addition, the FROM and TO fields bear the same email address. It particularly used dictionary form of spam attack where spammers randomly send spammed messages to a generated list of email addresses. Upon further analysis, the domains used were just recently registered.

As usual, users are advised not to open emails that spamvertise sexual enhancement pills. Trend Micro users are secure from this spam attack with the Smart Protection Network. Non-Trend Micro products users can stay protected from this by using free tools like eMail ID.

Trend Micro threat analysts found several phishing sites registered in China that target specific people or companies. The said email can customize phishing URLs using the names of intended recipients via a technique called “spear phishing.”

Spear phishing has been used by cybercriminals before in attacks that involved specific targets. In the previous post, “So Is It Twitter or Facebook?,” for instance, cybercriminals exploited Twitter’s direct message function to inform users that their pictures were seen on another website, the link to which is embedded in the same message. The link led to a bogus Facebook page from which user credentials are then stolen.

In this attack, the cybercriminals went as far as spoofing the From field to imply that the sender is from the same company the target is employed in. The URL embedded in the email is also customizable, depending on who its intended recipient is. Clicking the link points the user to a bogus Gmail Taiwan login page where the target’s user name has already been entered.

According to TT Tsai, this phishing attack seems to be targeting the Taiwan government as some of the phishing domains we have encountered are hosted in Taiwan, not to mention that the page uses the Chinese language.

Here’s a list of malicious domains users should be wary of:

• http://google.com.microsoft-server.tw/google/accounts/ServiceLogin.asp?uid=vq4hasv2o1xn&name=victim
• http://google.com.microsoft-server.tw/google/accounts/ServiceLogin.asp?uid=vq4hasv2o1xn&name=victim

TT Tsai, however, added that the cybercriminals are rapidly changing domains and taking down previously used ones to avoid detection and blocking.

As of this writing, all spam and phishing URLs related to this attack are already being blocked by the Trend Micro Smart Protection Network™. Non-users of Trend Micro products can stay protected from this and other similar attacks by using free tools such as eMail ID.