Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:


  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
  • Email Subscription

  • About Us


    Archive for the ‘Spam’ Category



    Mar23
    11:19 am (UTC-7)   |    by

    Recently I discussed how TorrentLocker spam was using email authentication for its spam runs. At the time, I suggested that these spam runs were using email authentication to gather information about victim networks and potentially improve the ability to evade spam filters. DomainKeys Identified Mail's (DKIM) own specification mentions the possibility of messages with from “trusted sources” and with a valid signature being whitelisted. Since then, we’ve received several replies that differ with our findings. One of these was Martijn Grooten at Virus Bulletin, who argued that ...

    Posted in Spam | TrackBacks (2) »


    Mar22
    9:22 pm (UTC-7)   |    by

    Analysis by Marshall Chen, Yi Lee, and Joe Wu Brand owners frequently use SPF and DKIM to protect their brands from email forgery. For example, a brand owner could register the same domain name under multiple top-level domains (TLDs) (such as .com, .net, .org, etcetera) and announce SPF/DKIM records for all of these domains (even if they were not actively being used). While generally effective, there is one loophole: what about the .gov TLD? This loophole was recently exploited in a massive phishing attack against American Express, which started ...

    Posted in Spam | TrackBacks (2) »



    In monitoring the ransomware TorrentLocker, we noticed a new development in its arrival vector. In previous entries, we noted that a particular wave of the crypto-ransomware was using spammed messages that were designed to evade spam filters. Our research now shows that TorrentLocker malware are using emails that are designed to pass spam filters and also collect information. Using SPF to DMARC Previous spammed messages were authorized by the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF provides a mechanism to allow ...

    Posted in Malware, Spam | Comments Off on TorrentLocker Ransomware Uses Email Authentication to Refine Spam Runs



    The malware UPATRE was gained much prominence following the demise of the Blackhole Exploit kit. It was since known as one of the top malware seen attached to spammed messages and continues to be so all throughout 2014 with particularly high numbers seen in the fourth quarter of the year. We have released our annual roundup where we talked about the different trends related to spam, and this entry offers a closer look. Looking back at 2014: Notable Spam Trends Based on our ...

    Posted in Spam | Comments Off on 2014 Spam Landscape: UPATRE Trojan Still Top Malware Attached to Spam



    2015 has just begun, but we're already seeing old problems crop up again - particularly the abuse of a lot of legitimate web sites. Since the start of the year, we've been seeing a significant increase in the number of spammed messages with links that lead to various Russian dating sites. Figure 1. Sample of dating site spam While messages of these types are fairly common, this recent wave is unusual in several ways. First, the level of dating site spam is higher than ...

    Posted in Spam | 1 TrackBack »


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice