A new wave of spammed messages posing as mail service notifications targeted antivirus companies, including Trend Micro. These messages ask the receivers to update their mailbox settings by opening and executing the attachment.

The two samples above TrendLabs obtained were sent to domains that belonged to Trend Micro. The file attachment does not contain any mailbox settings but instead a malicious file detected as TROJ_FAKEAV.EAO.

This spam run is similar to a run that TrendLabs earlier reported wherein Trend Micro advanced threats researcher Joey Costoya said the subdomains may have been tailor-made, depending on the recipients’ email addresses. That spam run was actually part of a phishing attempt that targeted employees of various companies, including Trend Micro.

The Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from reaching users’ inboxes via the Web reputation service and by detecting and removing the malicious file via the file reputation service.

Non-Trend Micro product users can also stay protected by using eMail ID, which prevents fake messages from reaching their inboxes. It also helps users quickly find legitimate messages.