    We recently captured a spam email that appeared to be from Orkut. It is written in Portuguese, and translates to the following (via Google Translate):

    Problems with your account.

    Dear User,

    We received some complaints against your profile saying you are “using copyrighted material,” and before Orkut disables your account unfairly, asks for you to contact us stating the problem.

    Some information from the complaint:

    Your Profile: {malicious link to phishing page}
    Report: {directly download malware}

    * Please do not reply to this email, follow the instructions in the report of the complaint.

    Warning: Your period for justification is 48h.


    Note: *We are taking measures in accordance with the laws in your country. (Brazil)
    * Please meet the requirements of the report within the stipulated period.

    Figure 1 shows the Portuguese Orkut spam. Users who click the first link in the email are led to a phishing page (see Figure 2). At this point users may be led to key in their credentials at this fake site, compromising access to their Orkut accounts. When the browser opens the phishing page, it also automatically downloads a file. If the user accepts the download, then saves and runs the file, it introduces a BANKER variant (TROJ_BANKER.GAT) to the system.


    BANKER variants and their components are notorious malware that together sit silently in victims’ PCs, waiting until users browse online banking sites. They then either replace the real online banking site with a fake one or directly steal keyed-in information such as user names and passwords.

    Users are always advised to enter sites requiring logins using their clean bookmarks or by typing the correct URL in the browser address bar. Also, ignore email (and the links therein) that comes from doubtful or unknown sources. Smart Protection Network protects Trend Micro users from this attack by identifying the phishing mail as malicious, by blocking access to the phishing page, by preventing the download of the malicious file, and by detecting the downloaded file (and related malware) as malicious.
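A mail-triage check for the pattern described above (a message claiming to be from Orkut whose links lead to a look-alike page and to a direct file download), added here as an example and not taken from the original post or from any Trend Micro product. The sample message is constructed, its hosts are placeholders, and the brand-domain map and extension list are assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: file types treated as direct-download lures (the post names none).
RISKY_EXT = (".exe", ".scr", ".pif", ".zip")
# Assumption: hosts the claimed brand legitimately links to.
BRAND_DOMAINS = {"orkut": ("orkut.com", "google.com")}

# Constructed sample modelled on the translated spam; hosts are placeholders.
SAMPLE = """\
From: Orkut <noreply@orkut.example.invalid>
Subject: Problems with your account
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<p>Your Profile: <a href="http://login.example.invalid/orkut/">profile</a></p>
<p>Report: <a href="http://files.example.invalid/report.exe">report</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every anchor tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def triage(raw):
    """Return [(url, [reasons])] for links that do not fit the claimed sender."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain"))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    sender = str(msg["From"] or "").lower()
    brand = next((b for b in BRAND_DOMAINS if b in sender), None)
    findings = []
    for url in collector.links:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        reasons = []
        # The sender names a brand, but the link leaves that brand's domains.
        if brand and not any(host == d or host.endswith("." + d)
                             for d in BRAND_DOMAINS[brand]):
            reasons.append("off-brand-host")
        # The link points straight at a file rather than a page.
        if parts.path.lower().endswith(RISKY_EXT):
            reasons.append("direct-download")
        if reasons:
            findings.append((url, reasons))
    return findings
```

Calling `triage(SAMPLE)` flags both links; the same message with links on the brand's own domain returns an empty list.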



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice