With the current global economic crisis, it is safe to assume that corporations are soliciting as many ideas as possible from their workforce to help improve their business. Unfortunately, spammers are exploiting this to lure victims into their illicit scheme: they are sending out spam that purports to be a reply about a business plan for dealing with today’s economic crisis.
Figure 1. The spammed email, which is in Spanish, comes along with an attachment that is supposedly a document file.
Here is a rough translation of the spam email:
March, Monday 9, 2009, 4:53:25 AM, you wrote:
> Good afternoon
> Please send recommendations to improve the business in the face of crisis.
> Attach the plane that is business.
We are prepared, see the attached document.
Check out the second line with our agreement.
pick mailto: [email address]
Figure 2. The attached document.
Opening the attached .ZIP file reveals what seems to be a .DOC file with the file name Documento.Doc. However, expanding the window reveals that the file is actually an .EXE file.
Figure 3. The real extension is hidden by underscores placed after the file name.
This file is now detected by Trend Micro as TROJ_DROPPER.HXK. Such spam messages are also already blocked through the Smart Protection Network.
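The extension-hiding trick described above can be caught at a mail gateway by inspecting archive member names before delivery. The following is an added example, not code from Trend Micro or from the original post. The extension lists, the three-character padding threshold, the assumed name layout (decoy extension, padding, then a dot and the real extension) and the 40-underscore sample name are all constructed for illustration, and the check also covers the plain double-extension variant.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (defender-chosen list, an assumption).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd"}
# Extensions users read as harmless documents (assumed list).
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "rtf", "jpg"}
# Decoy extension, then a run of underscores/whitespace, then the real one.
PADDED = re.compile(r"\.(?P<decoy>[A-Za-z0-9]{2,5})(?P<pad>[_\s]{3,})\.[A-Za-z0-9]+$")


def classify_name(name):
    """Return a reason if the name hides an executable extension, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    real = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if real not in EXECUTABLE_EXTS:
        return None
    m = PADDED.search(base)
    if m and m.group("decoy").lower() in DECOY_EXTS:
        return "decoy .%s + %d padding chars before .%s" % (
            m.group("decoy"), len(m.group("pad")), real)
    parts = base.lower().split(".")
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double extension .%s.%s" % (parts[-2], real)
    return None


def scan_zip(data):
    """Map each suspicious member name in a ZIP (bytes) to its reason."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = classify_name(info.filename)
            if reason:
                findings[info.filename] = reason
    return findings


def build_sample():
    """Constructed archive: placeholder contents, names mimic the pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Documento.Doc" + "_" * 40 + ".exe", b"placeholder")
        zf.writestr("notes.txt", b"placeholder")
        zf.writestr("setup.exe", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

A plain `setup.exe` is deliberately not flagged here: the check targets disguised names, so a blanket policy on executables inside archives remains a separate rule.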
Apart from the nifty way of hiding the real extension of the attached file, another notable thing about this attack is the format of the spammed message itself. The message is made to look like a reply to a message the user previously sent, and it even quotes the text that the user supposedly wrote.
Here are some similar cases where cybercriminals take advantage of the current global economic crisis for their own gain: