Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    8:16 am (UTC-7)   |    by

    Trend Micro fraud analysts were recently alerted to the discovery of a new phishing campaign that specifically targets AOL Instant Messenger (AIM) users.

    The spammed message purports to be from AIM and urges recipients to download and execute the latest AIM version to reactivate their currently inactive accounts.

    Click for larger view

    This becomes a problem if the receivers actually have AIM accounts, as they may be tricked into clicking the link, http://{BLOCKED}
    The end result may be the loss of pertinent personal information or, worse, their identities. Instead of getting an actual application update, the link leads to a spoofed AIM website.

    Click for larger view

    Users who land on the phishing page are then prompted to download the malicious file aimupdate_7.1.6.475.exe, which has been detected by Trend Micro as TSPY_ZBOT.JF, which injects threads into certain normal processes. Like its ZBOT predecessors, it also attempts to access a website to update its list of target banks and other financial institutions, which it then sends to a remote site.

    Click for larger view

    Trend Micro™ Smart Protection Network™ protects users from this attack by blocking the spammed messages, preventing user access to malicious sites, and detecting and blocking the download of malicious files.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice