Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Malicious spammers are really striking while the iron is hot, so to speak.

    Less than a day after spammed messages containing links claiming to point to news related to the recent Russian-Georgian conflict, another spam run bringing malware was found by the Trend Micro Content Security Team.

    Below is an example of the latest spam:

    spam sample
    Figure 1. Spam sample about journalists being shot in Georgia in relation to the recent Russian-Georgian conflict.
    The attached file is a password-protected .ZIP file. Setting a password to enable access to the file prevents the spam filter function of email applications from scanning the attachment for malicious content. In this case, detection was made for the .ZIP file itself to protect the users even before they access the file’s content. The .ZIP file is detected by Trend Micro as WORM_DLOAD.RAR.

    When accessed through the password also contained in the email message (see bottom of spam where it says attach password: 123, the .ZIP file is seen to contain an executable named Joined.exe. This file on the other hand is detected as TROJ_DLOADER.UAF:

    Figure 2. When the attachment is opened, the archive reveals that the “photo” promised in the text is actually an executable.
    Upon execution, TROJ_DLOADER.UAF connects to another host, and downloads additional components — specifically, a rogue antivirus (TROJ_FAKEALRT) variant that displays fake warnings of a malware infection. It attempts to trick the victim into buying a fake antivirus program to eliminate the malware which is supposedly affecting the system. This obviously leaves the victim with a piece of software that was never necessary in the first place, and less money.

    Users are now protected from this attack by the Trend Micro Smart Protection Network.

    The recent Russia-Georgia conflict caused a worldwide stir as Russian troops reportedly invaded certain areas of Georgia, injuring numerous civilians. The said invasion was later concluded, with Russia withdrawing their troops from Georgian soil.

    News items in spam such as this is one of the “facades of choice” by malware authors, promising information on recent events to entice users to click on malicious links. Just this month, fake news alerts purporting to be sent by CNN were repeatedly used by spammers and malware authors to distribute their handiwork:

    Users should exercise caution when opening their email.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice