
    Trend Micro threat analysts were alerted to the discovery of spammed messages that purported to come from Media Service. The email bears the subject “Congratulations” and informs users that they have won a MacBook Air. It also entices users to open the attached .ZIP file, which supposedly contains the details. Of course, the attachment does not hold any details; instead, it contains an executable file (winner.exe) detected by Trend Micro as TROJ_AGENT.AWYQ.

    When executed, TROJ_AGENT.AWYQ drops another malware file detected as TROJ_CUTWAIL.GO. Cutwail/Pushdo is one of the most notorious spam botnets, sending around 7.7 billion emails a day. Pushdo variants are essentially downloaders: they first infect a system and then download the Cutwail spam module (also owned by the same criminal gang). They also normally install one or more different “Campaign Modules” or third-party malware from other malware groups, which accounts for the large number of observable differences between infections.

    In addition, TROJ_AGENT.AWYQ connects to certain mail servers, such as Yahoo!, Gmail, and Hotmail, where it sends email attachments containing copies of the malware.

    Users are strongly advised not to open emails from unknown sources, especially if they seem very enticing. Trend Micro secures users from this attack via the Smart Protection Network, which blocks the spammed messages and detects and deletes the malicious files.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice