Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    They say the Internet is making the world smaller. Whether that’s the case for the rest of us is debatable or not, but for one group of people it’s definitely true: spammers.

    Consider this new sample that our team came across recently:

    Click for larger view

    It appears to come from the Brazilian portal site Terra. That, in itself, makes it a little unusual as attacks of this type usually target more well-known global portals such as Yahoo and Google.

    The spam claims that someone sent a message and that the user can access the message and photos by clicking on the link provided on email itself. Note, too, that the bottom of the e-mail contains a claim that the message has been scanned by security software. It tries to make users believe that the e-mail is clean of malign code — which, no surprise, it isn’t.

    When the user clicks on the link, it redirects and downloads a malicious file “AlbumPicasa.scr,” a Trojan which is detected as TROJ_DLOADR.VIA.

    This Trojan connects to URLs to download files named “WindowsUpdate.exe” and “rootx.exe” which are a TROJ_BANKER variant and another TROJ_DLOADR, respectively. BANKER variants are infamously rampant in the Latin American region, where users consider online banking a major convenience–a trend cybercriminals did not miss.

    Trend Micro Smart Protection Network blocks spam–protecting users from encountering this threat.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice