Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us

    Spam mails are very annoying, so we turn to spam filters to avoid ending up with an inbox flooded with them. Unfortunately one “anti-spam filter” we’ve encountered isn’t driving junk out, but letting them in.

    We have received an email message claiming that it is from Webmail Support. It is posing as a security announcement and states that the recipient’s mail server is sending out spam because it is infected by a virus that could contaminate their contacts and other users of the network.

    To correct this, it recommends the recipient to download and install an Anti-Spam filter then scan their computer so that they would not block the recipient’s email account.

    Click for larger view

    The message was in Portuguese and is roughly translated to English as:

    Security Announcement

    Dear user, I found that your mail server is automatically sending messages known as SPAM, contami your contacts and other users of the network with the Virus 32/Fbd, it sends false messages to e-mail servers.

    We recommend the installation of the system Antispam, that it be corrected. Otherwise, the provider of WebMail will be given the right to block all of your e-mail account. Grateful for the attention!

    Download Program Antispam filtering below and do a scan on your computer.
    http://{BLOCKED}/suporte/suporte-email/spam

    Regards,
    Protection of the Webmail service.

    * Message for automatic spam filtering. You need not answer it

    However, clicking the link given will trigger download a malicious file instead.

    Click for larger view

    The downloaded file is detected as TROJ_DLOADER.MCS. TROJ_DLOADER.MCS drops TSPY_KEYSPY.S which logs keystrokes on the affected system, then sends all gathered information to a remote user. Successful execution of the mentioned routines could lead to the compromise of the affected system, and loss of critical information.

    The Trend Micro Smart Protection Network provides complete protection from this attack, as all three components of this attack: spam, malicious URL, and malicious files, are already blocked and detected respectively.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice