Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    There’s another wave of malware-bearing spam. This time, the spam claims that “new clauses” have been added to the legislation regulating your online activities.


    Figure 1. Spam sample

    Attached in the spam email is the zip file Legislation.zip, which contains Legislation.doc{several whitespace characters}.exe. Yes, this is the age-old double-extension trick which uses a LOT of whitespace to hide the final .exe extension. As the screenshot below shows, the whitespace padding is enough to fool unsuspecting users to double-click the seemingly harmless .doc file inside the ZIP file.


    Figure 2. Screenshot of spam attachment contents

    Trend Micro Smart Protection Network detects the malware as TROJ_AGENT.DAM.

    It must be noted that there was an earlier legislation spam wave earlier this month, with a different email attachment (Legislation-25.doc.exe inside a Legislation.zip attachment) that is already detected as TROJ_AGENTT.Q.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice