Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    April 2014
    S M T W T F S
    « Mar    
     12345
    6789101112
    13141516171819
    20212223242526
    27282930  
  • About Us

    With the current global economic crisis, it is safe to assume that corporations are probably trying to solicit as many ideas as possible from their work force to help improve their business. Quite unfortunately, it is through this that spammers are trying to solicit victims of their illicit scheme, as they send out spam that purports as a reply about the business plan for today’s economic crisis.

    spammed
    Figure 1. The spammed email, which is in Spanish, comes along with an attachment that is supposedly a document file.

    Here is a rough translation of the spam email:

    Hello, Activa3.

    March, Monday 9, 2009, 4:53:25 AM, you wrote:

    > Good afternoon
    > Please send recommendations to improve the business in the face of crisis.
    > Attach the plane that is business.

    Hello.
    We are prepared, see the attached document.
    Check out the second line with our agreement.


    Best regards,
    pick mailto: [email address]

    attachment
    Figure 2. The attached document.

    Opening the attached .ZIP file reveals what seems to be a .DOC file with the file name Documento.Doc. However, expanding the window reveals that the file is actually an .EXE file.

    attachment
    Figure 3. The real extension name is hidden through underscores placed after the file name

    The said file is now detected by Trend Micro as TROJ_DROPPER.HXK. Such spam messages are also already blocked through the Smart Protection Network.

    Apart from the nifty way of hiding the real extension name of the attached file, another notable thing about this attack is the format of the spammed message itself. The message is fashioned to seem as if the message is a reply to a message previously sent by the user. It even states the text that was supposedly sent by the user.

    Here are some similar cases where cybercriminals take advantage of the current global economic crisis for their own gain:





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice