Trend Micro security experts received email messages that supposedly came from Facebook. It asks recipients to update their login credentials for security purposes. It then instructs them to click the URL provided in the email message. When the user clicks the URL, it points them to a spoofed Facebook website where they are required to input their password only as their email address has been automatically filled up.   Once the users hit the “Login” button, it will redirect them to another ...

Trend Micro threat analysts found spammed messages that pretended to be a letter coming from the “boss.” The messages bore the subject “get back to my office for more details” and instructed users to extract and read the letter contained in the attached .ZIP file. The attachment, of course, does not contain a letter but an .EXE file (info.exe) detected by Trend Micro as TROJ_CUTWAIL.GT. Upon execution, TROJ_CUTWAIL.GT creates registry entries to automatically execute at every system startup. It also drops a Trojan dropper ...

With Christmas just right around the corner, spammers are already flooding users' inboxes with unwanted email. No surprises there. Spammers are known to exploit the holidays to further their malicious causes. Just recently, Trend Micro threat analysts found another spammed message that claimed to be a "replication specialist" and enticed users to buy replica products like watches, handbags, and jewelry at discounted prices. The email can bear any of the following subjects: Better early than late New models are here Quantities are low Reminder Some supplies are low Morever, the email also encourages users ...

Trend Micro researchers found over 200 email samples that spamvertised male sexual enhancement pills. These bore subjects like “Re: Go wild in bedroom,” "Re: Let your lever straight up," and “Re: Be her concrete-rod satisfier” and contains a URL that points to all-too-familiar Canadian pharmacy websites. While spammed messages that lead to Canadian pharma sites are not new, there are notable things in this particular spam run. For one, it employed random messages in the email content to avoid ...

Trend Micro threat analysts found several phishing sites registered in China that target specific people or companies. The said email can customize phishing URLs using the names of intended recipients via a technique called “spear phishing.” Spear phishing has been used by cybercriminals before in attacks that involved specific targets. In the previous post, “So Is It Twitter or Facebook?,” for instance, cybercriminals exploited Twitter’s direct message function to inform users that their pictures were seen on another website, the link to which is ...