    As the controversy surrounding Italian Prime Minister Silvio Berlusconi grows, spammers are taking advantage of the news to lure victims into their malicious schemes.

    The spammed mail claims to come from YouTube, but checking the domain of the sender reveals that it actually came from youtorube.com, and not from the real youtube.com.


    Figure 1. Notice the extra letters in the sender domain

    Below is the rough translation of the mail from Italian to English:

    Have you seen what combines our Chairman of the Silvio Berlusconi? You have followed your story on escort?
    Thanks to a journalist of LAW, we have the opportunity to see our premier while running along with the escort
    leaving little in the newspapers .. if you want to see them, and this link: http://you{BLOCKED}e.com/watchv=W3k9pMtrccQ.html
    TO VIEW THE VIDEO, AND ‘THE FOLLOWING IS NECESSARY TO INSTALL CODEC

    Below is the screenshot of the mail:


    Figure 2. Spam sample

    To view the said video, the user must first download and install a video codec. Clicking the link downloads a malicious file named wmpcodec.exe. The spam mail is already detected in TMASE Full Pattern 6726, and all URLs are now blocked by Trend Micro. In addition, the malicious file is detected as WORM_KOLAB.DI.
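The sender-domain check described above (youtorube.com versus the real youtube.com) can be automated in a mail filter. The following is an added example, not code from the original post or from Trend Micro: it flags From: domains within a small edit distance of a protected brand. The brand list other than youtube.com, the function names, the threshold of 2 and the sample headers are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: brands this filter protects (only youtube.com is from the post).
PROTECTED_DOMAINS = ("youtube.com", "google.com", "facebook.com")

# Constructed sample headers; only the youtorube.com domain comes from the post.
SAMPLE_SPAM = (
    "From: YouTube Service <service@youtorube.com>\n"
    "Subject: video\n\nbody\n"
)

def edit_distance(a, b):
    """Levenshtein distance, keeping one row of the DP table at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def sender_domain(raw_message):
    """Lower-cased domain of the From: address, or '' when none is present."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify_sender(raw_message, max_distance=2):
    """Return (verdict, sender domain, matched brand or None)."""
    domain = sender_domain(raw_message)
    for brand in PROTECTED_DOMAINS:
        # Exact match or a genuine subdomain of the brand.
        if domain == brand or domain.endswith("." + brand):
            return ("match", domain, brand)
    for brand in PROTECTED_DOMAINS:
        # Close to a brand but not equal: likely a typosquatted sender.
        if domain and edit_distance(domain, brand) <= max_distance:
            return ("lookalike", domain, brand)
    return ("unknown", domain, None)

if __name__ == "__main__":
    print(classify_sender(SAMPLE_SPAM))
```

A "match" verdict only means the From: header names the brand's domain; because that header can be forged, it should be combined with SPF, DKIM and DMARC results before the message is trusted.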











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice