Spammers often ride on blockbuster movies to further their malicious deeds. Just recently, Trend Micro researchers received spammed messages that piggybacked on the sequel to the Twilight movie, New Moon.
No surprises there, as the movie earned US$274.2 million on its opening weekend and continues to climb the movie charts. In fact, just days before New Moon’s premiere, Trend Micro had already reported on New Moon-related poisoned search results that led to rogue antivirus software or other types of badware.
The spammed email message has the subject “Filme 2009, Film Noi, Filme Gratis” and contains a URL that points to a commercial spam site. The email body is written in Romanian, which suggests that this is a targeted attack. However, our researchers believe that this spam is more of a trial for advertising a new file-sharing portal.
The links in the spammed emails open a Romanian file-sharing portal (a DC++ hub), which indeed offers further links for downloading movie files. DC++ is an open source tool, which allows users to share files and to chat over the Internet with other users. The DC++ tool and related hubs are highly popular in Romania. FAQ sites describe DC++ hubs as:
A hub is a kind of router that allows DC++ clients to interconnect with one another. It is not called a server because it does not host any files, it just makes the necessary connections (such as chatting, search request, and search results).
All file transfers are made between clients, not within the hub.
File-sharing portals, like many other “free” offers, seldom have charitable intentions. Most of these portals involve users in illegal file sharing, personal data gathering (through member registration), clickjacking, and other questionable actions.
Users are advised to be wary of using free file-sharing portals as well as opening URLs in emails from unknown sources. Trend Micro protects users from this attack via the Smart Protection Network™, which blocks the spammed email message and prevents user access to the spammed site.
Additional text by Alice Decker, Senior Threat Researcher