The conclusion of the recent holiday season didn’t stop cybercriminals from creating new spoofed promos to distribute malware, of course.
Very much similar to the social-engineering campaign that used McDonald’s and Coca-Cola, yet another spam run that distributes malware was recently found by Trend Micro researchers.
Popular brands such as IKEA, Jack Daniel’s, and British Airways were all used for this recent campaign. Spam emails are sent, promoting a coupon and instructing the recipient to open the attached coupon to cash in on savings. But instead of a coupon, the attachment actually contains malware that compromises the victim’s computer.
Below are screenshots of sample spam emails with their corresponding attachments:
Figure 1. The attachment for this spam is named ikea.exe.
Figure 2. The attachment for this spam is named jackdaniels-coupon.exe.
Figure 3. The attachment for this spam is named product-extention.exe.
Figure 4. The attachment for this spam is namedbritishairways-coupon.exe.
The Trend Micro Smart Protection Network provides users complete protection from this threat, with spam mails already blocked, and the malicious coupons detected as TROJ_DROPPER.FYU.
If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!
January 8th, 2009 at 12:36 am
[...] Trend Labs Malvare blogg rapporterar om falska reklamkampanjer som sprids via email. Mailen utger sig för att vara från kända varumärken, som IKEA, Symantec, British Airways mm. Mailen innehåller en “kupong” som man uppmanas att klicka på för att få tillgång till erbjudandet. Men i stället så laddas ett spionprogram ned till datorn. Som vanligt är ett fungerande virusskydd och gott omdöme det bästa skyddet. [...]
January 10th, 2009 at 2:34 am
[...] bestyearcard.com blackchristmascard.com cardnewyear.com cheapdecember.com christmaslightsnow.com decemberchristmas.com directchristmasgift.com eternalgreetingcard.com freechristmassite.com freechristmasworld.com freedecember.com funnychristmasguide.com greatmirabellasite.com greetingcardcalendar.com greetingcardgarb.com greetingguide.com greetingsupersite.com Another mass-mailing worm that spams email using a legitimate images from Ikea, Hallmark and perhaps more other sites. It targets IIS web servers and attempts to change the index file to a fake security alert and disguising a fix for MS09-067. What?!? Yes, MS09 (2009) …This worm has sense of humor. Further reading here [...]