The upcoming summit of the G-20 major economies in Korea has been used in limited spam attacks. Trend Micro received the following spam sample:
The spam purports to come from the Japanese finance ministry and contains comments on several issues related to the upcoming summit. Tellingly, however, the link to those comments does not even use a URL that appears related to an official website. The link actually leads to a .ZIP file detected by Trend Micro as TROJ_DROPPER.WTH. When run, it opens a Word document to trick users into thinking that nothing malicious has happened. In reality, however, it drops a malicious file detected as TROJ_AGENT.JAAK. The registry is also modified so that the malicious file runs at every startup.
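A mail-triage check for the two tells described above, a link host unrelated to the claimed sender and a link that goes straight to an archive, as an added example that is not from the original post. The function names, the archive extension list and the sample message (all `.example` addresses) are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ARCHIVE_EXTS = (".zip", ".rar", ".7z")  # assumed list; the page's sample was a .ZIP

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href of every <a> tag seen in the HTML body
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def same_site(host, sender_domain):
    """True if host is the sender's domain or one of its subdomains."""
    host, dom = host.lower().rstrip("."), sender_domain.lower()
    return bool(dom) and (host == dom or host.endswith("." + dom))

def suspicious_links(raw_message):
    """Return [(url, [reasons])] for links that are off-domain or archives."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        raw = part.get_payload(decode=True) or b""
        collector = LinkCollector()
        collector.feed(raw.decode(part.get_content_charset() or "utf-8", "replace"))
        for url in collector.hrefs:
            parsed, reasons = urlparse(url), []
            if not same_site(parsed.hostname or "", sender_domain):
                reasons.append("host unrelated to sender domain")
            if parsed.path.lower().endswith(ARCHIVE_EXTS):
                reasons.append("links directly to an archive")
            if reasons:
                findings.append((url, reasons))
    return findings

# Constructed sample message: every address and URL below is made up.
SAMPLE = """\
From: "Finance Ministry" <press@finance-ministry.example>
Content-Type: text/html; charset="utf-8"

<p><a href="http://files.host.example/comments.zip">Read the comments</a></p>
<p><a href="http://www.finance-ministry.example/press/">Official site</a></p>
"""
```

The From header is attacker-controlled, so this compares what the message claims against where its links go; treat a hit as a triage signal, not a verdict.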
Further analysis of this threat is ongoing, though Trend Micro users are already protected. The spam, the malicious URL, and the malicious files are all detected and blocked by Trend Micro products via the Smart Protection Network™.