A few days ago, TrendLabsSM engineers received spam containing salad words (see Figure 1) along with a .ZIP file attachment (see Figure 2). This mixture of random words can be seen in the subject header and in the spam body. This was purposely done by spammers to bypass anti-spam filters that users may already be using. The .ZIP file attachment contains an .RTF file.
Though the .RTF file is not malicious, its contents comprise the actual spam as shown in Figure 3. The .RTF document also displays a link as well as the names of different adult medicine brands (e.g., Viagra, Cialis, Levitra, and others). Clicking the link redirects users to the Canadian pharmacy site shown in Figure 4.
To protect yourself against similar attacks, always pay attention to every detail in email messages you receive. As this example demonstrates, it is sometimes quite easy to distinguish what is real from what is not. All you need to do is to carefully observe.
Trend Micro™ Smart Protection Network™ already protects product users from this particular threat by preventing the spam from even reaching their inboxes via the email reputation service and by blocking access to the phishing site via the Web reputation service. Non-Trend Micro product users can also stay protected by using free tools like eMail ID, a browser plug-in that helps identify legitimate email messages in inboxes.
Share this article