Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    7:28 am (UTC-7)   |    by

    Spammers often ride on blockbuster movies to proliferate their malicious deeds. Just recently, Trend Micro researchers received spammed messages that piggybacked on the sequel of the Twilight movie, New Moon.
    No suprises there as the said movie earned US$274.2 million on its opening weekend and continues to climb the movie charts. In fact, just days before New Moon’s premiere,Trend Micro has already reported about New Moon-related poisoned search results that led to rogue antivirus software or other type of badware.

    Click for larger view

    The spammed email message has the subject “Filme 2009, Film Noi, Filme Gratis” and has a URL that points to a commercial spam site. The email body is written in Romanian, which suggests that this is a targeted attack. However, our researchers rather believe that this spam is more of a trial for advertising a new file-sharing portal.

    Click for larger view

    The links in the spammed emails open a Romanian file-sharing portal (a DC++ hub), which indeed offers further links for downloading movie files. DC++  is an open source tool, which allows users to share files and to chat over the Internet with other users. The DC++ tool and related hubs are highly popular in Romania. FAQ sites describe DC++ hubs as:

    A hub is a kind of router who allows DC++ clients to interconnect with one another. It is not called a server because it does not host any files, it just makes the necessary connections (such as chatting, search request, and search results).
    All file transfers are made between clients not within the hub.

    Click for larger view

    File-sharing portals like many other “free” offers have seldom charitable intentions. Most of these portals involve users in illegal file sharing, gathering personal data (through member registration), clickjacking, and other questionable actions.

    Users are advised to be wary of using free file-sharing portals as well as opening URLs in emails from unknown sources. Trend Micro protects users from this attack via the Smart Protection Network™, which blocks the spammed email message and prevents user access to the spammed site.

    Additional text by Alice Decker, Senior Threat Researcher

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Patrick Burwell

      "suprises"? Did we forget to spellcheck? :)

      "The links in the spammed emails open a Romanian file-sharing portal"
      Now you know why we block whole country roots.

      Serious, thanks for the heads up.

      Guess we'd better watch out for the full moon; The spam blockers may grow teeth and get REAL hairy then too. 😉

    • Pingback: » New Moon, New Spam()


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice