Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    The only thing worse than receiving a spammed greeting card is a one that comes with malware. TrendLabs SM senior advanced threats researcher Loucif Kharouni recently acquired a sample spam in the form of an online greeting card. The said card urges recipients to check out the greeting card by clicking the image. Users who are tricked into doing so end up downloading setup.exe, a malicious file detected by Trend Micro as BKDR_ANYTEMIR.A.

    Click for larger view

    Upon execution, the backdoor program connects to a malicious site, which is currently no longer accessible. BKDR_ANYTEMIR.A also creates copies of itself in legitimate folders using file names related to the said folder. Each copy attempts to connect, though unsuccessful, to {BLOCKED}nytimergot.com to possibly receive commands from a remote user.

    Spammed messages are already fixtures of the current threat landscape, a lot of which come in various disguises such as greeting cards related to holidays and special occasions, as reported in the following previous posts:

    Users are strongly advised to immediately delete and refrain from opening suspicious-looking email messages; to never click embedded links and images in dubious messages; and to open file attachments with caution.

    Trend Micro™ Smart Protection Network™ protects users from this kind of attack by blocking spam before they reach inboxes via the email reputation service. Web reputation service, on the other hand, blocks user access to malicious sites where BKDR_ANYTEMIR.A may be downloaded. Finally, file reputation service prevents the download and execution of the backdoor.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice