    Author Archive - Dhan Praga (Anti-spam Research Engineer)

    Cybercriminals are using another major sports event to scam users into giving out personal information.

    We recently encountered a spam campaign that uses the “London 2012 Olympic Games” to lend credence to its malicious scheme. The spammed messages are crafted to make recipients think they won a contest related to the event.

    We analyzed two spam samples. The first sample has a .DOC file attachment that users are asked to fill out. The file asks for personal information such as the recipient’s name, address, and mobile phone number, among others. Rather than asking for this information outright in the message body, the scammers opted to attach the .DOC file, most probably to bypass email filters.


    Holidays like Christmas and Valentine’s Day inevitably come with threats related to the holidays themselves. These attacks have become more persistent throughout the years, perfectly timed to dupe the greatest number of users with the most appropriate social engineering techniques for their holiday of choice. 

    Just today, we saw a certain spam run that seems a little bit too late or, seen in another way, a little too early for the season it’s supposed to ride on. 

    Christmas greeting cards are being spammed out with messages similarly fashioned to those from popular websites known for free e-card sending services. 

    The messages arrive with a file attachment in .ZIP format, which the recipients must open to view the e-card. Of course, the claim that the file inside the .ZIP archive is an e-card is about as accurate as the claim that February is the Christmas season. The .ZIP file contains malicious files that Trend Micro now detects as WORM_PROLAC.SME, WORM_PROLAC.AB, and WORM_PROLAC.AA. When executed, WORM_PROLAC.SME drops a file detected as TROJ_CUTWAIL.IZ. It also has rootkit capabilities that allow it to hide its processes and files from users. Like WORM_PROLAC.SME, WORM_PROLAC.AB has rootkit capabilities, and it drops several files detected by Trend Micro as TROJ_HILOTI.SMAE, TROJ_FAKEAV.SM3, and TROJ_HILOTI.SME1.

    Such threats, it seems, will be seen as long as holidays are observed, as these events, in one way or another, affect users’ computing behaviors. Whether they’re deployed at the right time or not, users should remain vigilant and keep themselves protected.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice