Please be wary of e-mail messages that claim to come from Microsoft and use the Trend Micro logo in an attempt to look legitimate. The following sample spammed message, which seems to be targeting Latin American users, leads users to malware:
Figure 1. Sample spam.
The message roughly translates to:
Hello Sir, it was found that your system is automatically sending spammed email messages that contain a virus.
Please install our antispam software, available for download at the end of the message, if your email is blocked for 48 hours.
Thank you for your attention.
By relying again on the popularity of these two companies and using what at first looks like Microsoft- and Trend Micro-related content (spam, after all, is a major Web problem that everyone has some idea of), spammers should be able to fool some recipients into actually downloading and installing the attachment.
Instead of the supposed antispam product, users see this:
Figure 2. This file will not protect users from spam.
Trend Micro detects the file vizualizar.exe as TROJ_DLOAD.PW. One of its routines is to download the file stander2009.exe, an info stealer detected as TSPY_BANKER.GGB. BANKER spyware often targets Brazilian users, and this threat looks to continue that trend.
Microsoft is a cybercriminal favorite, and its name has been used as a social engineering lure to get users to unknowingly install malware on their systems. The more recent threats that do this include:
- Bogus ‘MS Update’ Comes with Malicious Attachment
- Bogus Microsoft Update Delivers Nasty File Infector
Bogus Trend Micro products and services have also featured in several attacks:
- Bogus ‘HouseCall’ Search Results Lead to Adware
- Warning: Spam With Trend Micro Logo Delivers Trojan
- Another Fraudulent Trend Micro Site Appears
The Trend Micro Smart Protection Network already blocks the spammed message and detects the malicious binaries, keeping our PCs safe from information theft. Web users are always reminded not to trust spammed messages, no matter what these messages say.