Recently our CTO, Raimund Genes, talked about how spam was still a problem today, even if users “know not to click on them”:

Let’s talk about what spam is, why it’s still a problem today, and what Trend Micro is doing to help solve this threat.

Spam is what we call unsolicited e-mail message sent in bulk. They come in different types, namely:

• Adult/Sexual: Pornographic content, sexual enhancers, online dating
• Commercial: Selling products/services, web hosting, OEM
• Education/Degree: Online degree offers
• Financial: Bank loans, financial counseling, mortgage/debt reduction, credit card offers
• Health: Online pharmacy, herbal, drugs
• Others: Malware-related, phishing messages, racial
• Scam: Lottery, money mules, job offers
• Spiritual: Religious
• Stock: Stock promotion, pump and dump campaigns

Some of these e-mail messages are just meant to advertise their wares by flooding users’ inboxes. However, some of them can also cause real problems for their recipients. Some spammed messages are used for phishing attacks and spreading malware, which allows the attacker to collect sensitive information (such as bank accounts, credit card numbers, passwords) or even use the infected system for their crimes.

Read the rest of this entry »

Due to their ever-growing popularity, social networks have been a continuous target of cybercriminals to proliferate their malicious schemes. TrendLabs^SM received samples of another Facebook spam, this time also taking advantage of the popular micro-blogging site, Twitter.

The mail, which poses as a Facebook notification message, uses adult-themed strings to lure users into opening the attachment. The .ZIP file attachment, Twitter.zip, contains the file twitter.html, which has an embedded malicious script that Trend Micro detects as JS_REDIR.AE.

Social networks are still on the verge of reaching their peak, as an increasing number of users spend more time on managing their accounts. According to the latest findings by Nielsen, social networking and blogging account for one in every four-and-a-half minutes people spend online.

With Facebook still remaining as one of the world’s most popular social media sites and Twitter not far behind, cybercriminals will most likely use these sites more and more to propagate malicious codes.

In fact, Twitter itself is also becoming a means of spreading spam. As discussed by Trend Micro researcher Rik Ferguson, malicious Tweets now lead to malicious .PDF and .EXE files detected as TROJ_PIDIEF.JCS and TROJ_SMALL.LEC, respectively.

Fortunately for Trend Micro product users, Smart Protection Network blocks the malicious files from running on user systems.

Additional text by Carolyn Guevarra and Jonathan Leopando

Beware, Twitter enthusiasts! Spam posing as Twitter email notifications are currently proliferating in the wild. The spam are of two types—the first type attempts to steal personal information or login credentials while the second attempts to infect systems with malware.

A legitimate Twitter notification email looks like this:

It usually begins with “Hi, *name of user*” and contains the words, “You have a direct message:,” followed by the message itself.

The two Twitter spam samples, on the other hand, look like these:

The sample on the left uses a generic greeting while the email body only says, “You have 1 unreaded message from Twitter,” followed by a URL. This directs recipients to a site where they are asked to give out personal information. The sample on the right also uses a generic greeting along with the message, “You have 3 information message(s),” followed by a URL. Instead of asking the recipients for personal information when they click the link, malware are instead downloaded onto their systems. However, the malicious URLs are already inaccessible as of this writing.

Spammers and cybercriminals have had a long history with Twitter and its users, as featured in these previous entries:

• Diet Twitter Spam (on the) Run
• A New Twitter Worm Is Making the Rounds
• Twitterbuilding.com—Stealing Your Passwords One Tweet at a Time

To protect yourself against similar attacks, always pay attention to every detail in emails you receive. It is, after all, easy to distinguish what is real from what is not. All you need to do is carefully observe.

A new wave of spammed messages posing as mail service notifications targeted antivirus companies, including Trend Micro. These messages ask the receivers to update their mailbox settings by opening and executing the attachment.

The two samples above TrendLabs obtained were sent to domains that belonged to Trend Micro. The file attachment does not contain any mailbox settings but instead a malicious file detected as TROJ_FAKEAV.EAO.

This spam run is similar to a run that TrendLabs earlier reported wherein Trend Micro advanced threats researcher Joey Costoya said the subdomains may have been tailor-made, depending on the recipients’ email addresses. That spam run was actually part of a phishing attempt that targeted employees of various companies, including Trend Micro.

The Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from reaching users’ inboxes via the Web reputation service and by detecting and removing the malicious file via the file reputation service.

Non-Trend Micro product users can also stay protected by using eMail ID, which prevents fake messages from reaching their inboxes. It also helps users quickly find legitimate messages.