Spammers are playing police and scaring people into opening malicious files once again.
A new form of spam email containing a malicious file attachment has been spreading over the Internet with the subject ‘Your internet access is going to get suspended’. The spam email claims to come from the ICS Monitoring Team and tells recipients that they have to stop their illegal downloading of copyrighted material or else their Internet access will be suspended.
Below is the spam mail’s screenshot:
The spam email claims that a report of the recipient’s activities for the past six months is in the attached zipped file. Instead of the said report, however, the zipped file contains a malicious executable file named user-EA49943X-activities.exe. Below is a screenshot of the said malicious file:
The malicious file user-EA49943X-activities.exe is currently detected as TROJ_MEREDROP.GJ. It drops two files, both GOLDUN variants. These Trojans are known information stealers that monitor the Internet browsing activities of affected users. In this particular case, the cyber-criminals intend to steal credentials related to the online banking site www.e-gold.com.
This is not the first time malware authors have disguised themselves as the ‘Internet police’. Trend Micro researchers already found spam which also presented users with the same ISP Consorcium spiel used in the spam reported here.
Trend Micro customers are now protected from this attack through the Trend Micro Smart Protection Network. Other users are advised to disregard such email messages upon receiving them.