    There’s another wave of malware-bearing spam. This time, the spam claims that “new clauses” have been added to the legislation regulating your online activities.

    Figure 1. Spam sample

    Attached to the spam email is a ZIP file containing Legislation.doc{several whitespace characters}.exe. Yes, this is the age-old double-extension trick, which uses a LOT of whitespace to hide the final .exe extension. As the screenshot below shows, the whitespace padding is enough to fool unsuspecting users into double-clicking the seemingly harmless .doc file inside the ZIP file.

    Figure 2. Screenshot of spam attachment contents

    Trend Micro Smart Protection Network detects the malware as TROJ_AGENT.DAM.

    It must be noted that there was a previous legislation spam wave earlier this month, with a different email attachment (Legislation-25.doc.exe inside an attachment) that is already detected as TROJ_AGENTT.Q.
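
A mail gateway or triage script can flag both naming patterns described above (the whitespace-padded one and the plain .doc.exe one) by inspecting ZIP member names before anything is extracted. The following Python sketch is an added example, not Trend Micro code; the extension lists, the function names and the sample archive built inline are assumptions made for illustration.

```python
import io
import re
import zipfile

# Assumed extension lists; tune them to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "rtf", "jpg"}

# stem . decoy-extension [whitespace padding] . real-extension
_PATTERN = re.compile(
    r"^(?P<stem>.+)\.(?P<decoy>[A-Za-z0-9]{2,4})(?P<pad>\s*)\.(?P<real>[A-Za-z0-9]{2,4})$"
)

def check_name(name):
    """Return a finding dict for a double-extension member name, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = _PATTERN.match(base)
    if not m:
        return None
    decoy, real = m["decoy"].lower(), m["real"].lower()
    if decoy not in DECOY_EXTS or real not in EXECUTABLE_EXTS:
        return None
    # padding > 0 means whitespace was used to push the real extension out of view
    return {"name": name, "decoy": decoy, "real": real, "padding": len(m["pad"])}

def scan_zip(data):
    """Check every member name of a ZIP archive supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [f for f in map(check_name, zf.namelist()) if f]

def build_sample():
    """Constructed sample archive; member contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Legislation.doc" + " " * 60 + ".exe", b"placeholder")
        zf.writestr("Legislation-25.doc.exe", b"placeholder")
        zf.writestr("notes.doc", b"placeholder")   # benign: single extension
        zf.writestr("setup.exe", b"placeholder")   # executable, but not disguised
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

The check reads only the archive's member names, so it can run on an attachment without unpacking it.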



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice