Tweet

They say the Internet is making the world smaller. Whether that’s the case for the rest of us is debatable or not, but for one group of people it’s definitely true: spammers.

Consider this new sample that our team came across recently:

It appears to come from the Brazilian portal site Terra. That, in itself, makes it a little unusual as attacks of this type usually target more well-known global portals such as Yahoo and Google.

The spam claims that someone sent a message and that the user can access the message and photos by clicking on the link provided on email itself. Note, too, that the bottom of the e-mail contains a claim that the message has been scanned by security software. It tries to make users believe that the e-mail is clean of malign code — which, no surprise, it isn’t.

When the user clicks on the link, it redirects and downloads a malicious file “AlbumPicasa.scr,” a Trojan which is detected as TROJ_DLOADR.VIA.

This Trojan connects to URLs to download files named “WindowsUpdate.exe” and “rootx.exe” which are a TROJ_BANKER variant and another TROJ_DLOADR, respectively. BANKER variants are infamously rampant in the Latin American region, where users consider online banking a major convenience–a trend cybercriminals did not miss.

Trend Micro Smart Protection Network blocks spam–protecting users from encountering this threat.