Dhan Praga (Anti-spam Research Engineer) | Security Intelligence

May 2013
S	M	T	W	T	F	S
« Apr
	1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

May12

London 2012 Olympics Scams Spotted

3:00 am (UTC-7) | by Dhan Praga (Anti-spam Research Engineer)

Cybercriminals are using another major sports event to scam users into giving out personal information.

We recently encountered a spam campaign that makes use of the “London 2012 Olympic Games” to give credence to their malicious scheme. The spammed messages have been crafted to make the recipients think they won a contest related to the said event.

We analyzed two spam samples. The first sample has a .DOC file attachment that the users are asked to fill out. The file asks for personal information such as the recipient’s name, address, and mobile phone number, among others. Instead of asking them outright to provide this information in the message’s body, the scammers instead opted to attach the .DOC file most probably to bypass email filters.

Read the rest of this entry »

Posted in Olympics, Spam | TrackBacks (4) »

Feb16

Christmas Spam in February?

6:05 pm (UTC-7) | by Dhan Praga (Anti-spam Research Engineer)

Holidays like Christmas and Valentine’s Day inevitably come with threats related to the holidays themselves. These attacks have become more persistent throughout the years, perfectly timed to dupe the greatest number of users with the most appropriate social engineering techniques for their holiday of choice.

Just today, we saw a certain spam run that seems a little bit too late or, seen in another way, a little too early for the season it’s supposed to ride on.

Christmas greeting cards are being spammed out with messages similarly fashioned to those from popular websites known for free e-card sending services.

The messages arrive with a file attachment in .ZIP format, which the recipients must open to view the e-card. Of course, the file in the .ZIP file being an e-card is just as accurate as it is being the Christmas season in February. The .ZIP file contains malicious files that Trend Micro now detects as WORM_PROLAC.SME, WORM_PROLAC.AB, and WORM_PROLAC.AA. When executed, WORM_PROLAC.SME drops a file detected as TROJ_CUTWAIL.IZ. It also has rootkit capabilities that allow it to hide its processes and files from users. Similar to WORM_PROLAC.SME, WORM_PROLAC.AB has rootkit capabilities and drops several files detected by Trend Micro as TROJ_HILOTI.SMAE, TROJ_FAKEAV.SM3, and TROJ_HILOTI.SME1.

Such threats, it seems, will be seen as long as holidays are observed, as these events, in one way or another, affect users’ computing behaviors. Whether they’re deployed at the right time or not, users should remain vigilant and keep themselves protected.