    Author Archive - Cristina Buenviaje (Anti-Spam Research Engineer)

    Every year, Valentine’s Day is marked by lovers exchanging flowers, giving confectioneries, and sending greeting cards to each other. Spam messages exploiting the occasion have already been spotted online.

    Clicking the Order Now button in this spam redirects users to a site that says that the offer is no longer available.

    To bypass spam filters, the spammer inserted seemingly irrelevant “salad” words into the message. These can, however, only be seen if you highlight the entire message (enclosed in a red box below for easy viewing).

    The message appears to be intended to gather email addresses. Users may become suspicious of the expired offer page, which may cause them to try to unsubscribe. This is why the message includes a link for this very purpose, which leads to the following page:

    Users should never “unsubscribe” from anything they didn’t subscribe to in the first place. Entering your email address into this page is like handing it over to spammers. It’s possible that this page may be used to harvest email addresses for later Valentine’s Day-related attacks.

    Trend Micro product users are protected from these threats, however, as we already detect and block these spam messages.
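
    A detection sketch for the hidden salad words described above, added here as an example and not Trend Micro's own filter logic. It assumes the words are hidden by giving them the same colour as the background (the post only says they appear when highlighted); the sample message, the function names and the two-entry colour table are constructed for illustration.

```python
# Added example: flag HTML mail text rendered in the same colour as its background.
import re
from html.parser import HTMLParser

VOID = {"br", "img", "hr", "meta", "input", "link"}   # tags with no end tag
NAMED = {"white": "#ffffff", "black": "#000000"}      # minimal table for the sample

def norm(colour):
    # Normalise 'white', '#FFF' and '#ffffff' to one lowercase 6-digit form.
    c = NAMED.get(colour.strip().lower(), colour.strip().lower())
    if re.fullmatch(r"#[0-9a-f]{3}", c):
        c = "#" + "".join(ch * 2 for ch in c[1:])
    return c

class HiddenTextFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = [("#000000", "#ffffff")]  # assumed client defaults (fg, bg)
        self.hidden, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        fg, bg = self.stack[-1]                # inherit from the parent element
        a = dict(attrs)
        style = a.get("style") or ""
        # Inline CSS wins over the legacy color= / bgcolor= attributes.
        m = re.search(r"(?<![-\w])color\s*:\s*([^;]+)", style, re.I)
        fg = norm(m.group(1)) if m else norm(a["color"]) if a.get("color") else fg
        m = re.search(r"background(?:-color)?\s*:\s*([^;\s]+)", style, re.I)
        bg = norm(m.group(1)) if m else norm(a["bgcolor"]) if a.get("bgcolor") else bg
        self.stack.append((fg, bg))

    def handle_endtag(self, tag):
        if tag not in VOID and len(self.stack) > 1:
            self.stack.pop()

    def handle_data(self, data):
        fg, bg = self.stack[-1]
        (self.hidden if fg == bg else self.visible).extend(data.split())

def hidden_words(html):
    """Return (hidden, visible) word lists for one HTML message body."""
    p = HiddenTextFinder()
    p.feed(html)
    p.close()
    return p.hidden, p.visible

SAMPLE = (  # constructed message body, not the spam from the post
    '<body bgcolor="#FFFFFF"><p>Roses for your Valentine. '
    '<a href="http://example.invalid/order">Order Now</a></p>'
    '<div style="color:#fff; font-size:9px">harbor quantum lattice meadow</div></body>')
```

    A filter can score a message on the share of hidden words and, more usefully, run its content checks on the visible words only, so that the padding cannot dilute them.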

    Posted in Spam

    Recently, Facebook introduced some changes to its users’ profile pages, which were meant to make it “even easier for you to tell your story and learn about your friends,” said the official announcement.

    It’s probably not a coincidence that soon after this announcement was made, we received fake email messages allegedly coming from Facebook. These told the recipients to download the Facebook toolbar, which supposedly makes it easier for users to share and connect with their friends.

    Note how the spammed message used a template similar to Facebook’s own to seem legitimate. The Download Here button goes to a website that will automatically download an executable file named fb.exe. This contains several component files, one of which is a malicious file detected as IRC_ZAPCHAST.HU.

    In addition to detecting the malicious file, we also detect and block the spammed message and the URL where fb.exe is hosted.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice