Jun 25
6:13 pm (UTC-7)   |   by Nino Penoliar (Anti-spam Research Engineer)

As the controversy surrounding Italian Prime Minister Silvio Berlusconi grows, spammers are taking advantage of the news to lure victims into their malicious schemes.

The spammed mail claims to come from YouTube, but checking the domain of the sender reveals that it actually came from youtorube.com, and not from the real youtube.com.


Figure 1. Notice the extra letters in the sender domain
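The sender-domain check described above can be automated. The following Python sketch is an added example, not Trend Micro's detection logic: it flags a From: domain that sits within a small edit distance of a protected brand domain without being that domain. The protected list, the distance threshold and the sample headers are assumptions made for the example.

```python
from email.utils import parseaddr

# Assumption for this example: the brand domains worth protecting.
PROTECTED_DOMAINS = ("youtube.com",)

def sender_domain(from_header):
    """Domain of the address in a From: header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def lookalike_of(domain, max_distance=2):
    """Return the protected domain that `domain` imitates, else None."""
    for brand in PROTECTED_DOMAINS:
        # The real domain and its subdomains are legitimate, not lookalikes.
        if domain == brand or domain.endswith("." + brand):
            return None
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the Public Suffix List).
    registrable = ".".join(domain.split(".")[-2:])
    for brand in PROTECTED_DOMAINS:
        if 0 < edit_distance(registrable, brand) <= max_distance:
            return brand
    return None

def check_sender(from_header):
    """Return (sender domain, imitated brand or None) for one From: header."""
    domain = sender_domain(from_header)
    return domain, lookalike_of(domain)

if __name__ == "__main__":
    # Constructed headers: only the domains come from the post.
    for hdr in ('"YouTube Service" <service@youtorube.com>',
                "YouTube <noreply@youtube.com>"):
        print(hdr, "->", check_sender(hdr))
```

Matching on the address domain rather than the display name is what catches this sample, since the display name can be set to anything the sender likes.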

Below is a rough translation of the mail from Italian to English:

Have you seen what combines our Chairman of the Silvio Berlusconi? You have followed your story on escort?
Thanks to a journalist of LAW, we have the opportunity to see our premier while running along with the escort
leaving little in the newspapers .. if you want to see them, and this link: http://you{BLOCKED}e.com/watchv=W3k9pMtrccQ.html
TO VIEW THE VIDEO, AND ‘THE FOLLOWING IS NECESSARY TO INSTALL CODEC

Below is a screenshot of the mail:


Figure 2. Spam sample

To view the said video, the user must first download and install a video codec. Clicking the link downloads a malicious file named wmpcodec.exe. The spam mail is already detected in TMASE Full Pattern 6726, and all URLs are now blocked by Trend Micro. In addition, the malicious file is detected as WORM_KOLAB.DI.





2 Responses to “Italy: Political Controversy Spam”


© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice