Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    This is hardly the first time cybercriminals used Facebook to spread spam and malware. As anti-spammers became vigilant with these techniques, these spammers keep up and think of different ways to spread dangerous links to malicious websites. Sample seen recently uses a revived technique: make the email look like it came from a trustworthy source (in this case Facebook), then insert random email addresses into the Reply-To field.

    Facebook spam in Spanish containing malicious links
    Figure 1. Facebook spam contains several links, the first one even looks safe to click. Hovering the mouse over the link reveals it is anything but safe.

    The result: when a user hits the reply button, the mail will automatically include all the email addresses to the recipients field.

    Email window showing the automatically populated To field
    Figure 2. Several email addresses automatically populate the To field.

    The Spanish text of the email message roughly translates to:

    A user of Facebook to send you this message

    The photos arrived you that send you before? because me not respondistes bue you the command debuelta by if the doubts are those of the partuza eye q be not enlivened your girlfriend ciao{BLOCKED}.php

    Click on the link to view the content

    Posted by: I can not say but I know

    If you can not see the content properly click here

    Clicking on any of the links will summon the following prompt:

    Dialogue prompt for download of strangely named file
    Figure 3. The file offered is named strangely. Notice the long underscore.

    Needless to say, the downloaded file is a malicious component, TROJ_DLOAD.AEY. It leads to a BANKER variants TROJ_BANKER.HIJ, which is now currently being analyzed. BANKER variants are notorious data-stealing malware targeting users with online bank accounts. Good thing Smart Protection Network recognizes threats before they ever arrive to the desktop, eliminating the risks to users who may encounter this spam-malware attack.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice