Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    There’s another wave of malware-bearing spam. This time, the spam claims that “new clauses” have been added to the legislation regulating your online activities.


    Figure 1. Spam sample

    Attached in the spam email is the zip file Legislation.zip, which contains Legislation.doc{several whitespace characters}.exe. Yes, this is the age-old double-extension trick which uses a LOT of whitespace to hide the final .exe extension. As the screenshot below shows, the whitespace padding is enough to fool unsuspecting users to double-click the seemingly harmless .doc file inside the ZIP file.


    Figure 2. Screenshot of spam attachment contents

    Trend Micro Smart Protection Network detects the malware as TROJ_AGENT.DAM.

    It must be noted that there was an earlier legislation spam wave earlier this month, with a different email attachment (Legislation-25.doc.exe inside a Legislation.zip attachment) that is already detected as TROJ_AGENTT.Q.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice