    Author Archive - Neil Pondo (Anti-spam Research Engineer)

    The IRS has officially kicked off tax season in the US, and right on time, cybercriminals are already taking advantage by using tax-related messages as a social engineering lure.

    We’ve recently spotted samples of spammed messages posing as a notice from Fidelity Investments, a well-known American financial institution.

    The email, which is in a newsletter format, has the subject “Your statement is ready for your review”. It informs recipients that their tax statement is attached and ready for review.

    The attachment, however, is a .ZIP file containing an executable file, which was found to be malicious. Trend Micro detects it as TSPY_ZBOT.TYR.

    Users should watch out for such spam campaigns, especially with the tax season already ongoing. We saw attacks similar to this one during the tax season last year, so it’s almost a given we’ll see more of them again this time around.

    Spam emails such as those shown above are already blocked through the Trend Micro Smart Protection Network.

    Posted in Malware, Spam | Comments Off on Tax Season Opens, Tax Spam Follows

    After tricking users into viewing ads through a Facebook scam, cybercriminals are again capitalizing on Steve Jobs’s death through malicious spam.

    We were able to find spam containing the text “Steve Jobs Alive” or “Steve Jobs Not Dead.”

    Another Steve Jobs-related spam message we saw was written in Portuguese and includes a short text about his death:

    The text in the message above roughly translates to the following:

    Subject: Creator of Steve Jobs of Apple’s Mac, iPod and iPad dies
    Steve Jobs, died of cancer aged 56
    The death of Steve Jobs left an orphan of most of his creations, the Apple, a company shaped in accordance with their technological dreams and now faces the challenge of surviving in the absence of its visionary leader.
    More news portal in direct U.S. in Portuguese

    All of these messages came with a link that, when clicked, redirects users to a blank site. We were unable to continue our analysis at this point. In cases like this, however, a blank page is rarely ever truly blank and is often a sign that something else is happening in the background, away from the user’s view. For this particular attack, we found reports suggesting that the site previously contained a script that loads the BlackHole Exploit kit.

    We are currently monitoring all of the sites for any further development. Trend Micro product users are already protected from this threat, as the spam and the URLs are already being blocked with the aid of the Trend Micro™ Smart Protection Network™.

    Based on Smart Protection Network spam data for the first half of 2011, the volume of traditional spam has been decreasing, though such spam is still regularly used for malicious schemes. Attacks that involve spam rely heavily on social engineering techniques as well as more advanced methods that render IP blacklisting and content filtering insufficient. For more information on the state of spam and how Trend Micro protects product users from this type of threat, please check out our security focus report, “Spam in Today’s Business World.”



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice