    Striking email subjects get the job done. At least, that seems to be the case given another spamming operation that uses popular personalities and events. Using a variety of subject-body combinations (many of which are totally unrelated to each other!), these spammed messages again appeal to the curious mind, offering a link in the email body that appears to provide more details.

    TrendLabs’ Advanced Threats Researcher Joey Costoya says these messages lead users to an R.HTML Web page that imitates the adult video-sharing site PornTube. The page hosts the file VIDEO.EXE. We’ve seen this type of attack before in another spam run that also used pop culture as bait.

    In this screenshot we see the upcoming Beijing Olympics being used to trick fans and those curious enough about the event to click the URL:

    Figure 1. Spam showing unrelated subject heading
    and email body, possibly the result of using spam templates.

    There are several of these VIDEO.EXE URLs, and some of the detections we have seen so far include:

  • TROJ_ZLOB.GBA – notorious fake codec downloader
  • TROJ_AGENT.AKCF – typical downloader
  • TROJ_NUWAR.UW – Storm-related

    The Trend Micro Smart Protection Network already blocks the spam messages using this trick, and likewise blocks all related malicious URLs, so Trend Micro users are protected from downloading the Trojans. Since the download locations can be updated at any time (today a user may download TROJ_ZLOB.GBA, but tomorrow it might be entirely new malware), only multi-layered protection allows users to rest easy.
