Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Author Archive - Merianne Polintan (Anti-spam Research Engineer)

    While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest.

    We saw samples of spammed messages that attempted to spoof an Apple Store email notification. The said message informs recipients that they won the latest iPhone 5S mobile phones and iPad.

    Figure 1. Fake Apple email

    To get these prizes, they are asked to go to a specific website and disclose their email address and password. This will obviously result in your credentials ending up in the hands of cybercriminals.

    Figure 2. Phishing page

    The content of the message and the sender’s email address are obviously fake. However, its combination of perfect timing plus popular social engineering hook may cause users to fall into the spammers trap. The most important thing to know is:  “if it’s too good to be true, it probably is” .

    Feedback provided by the Smart Protection Network indicates that this mail is particularly effective in targeting Southeast Asian users:

    Figure 3. Most affected countries

    Trend Micro blocks the said email message and blocks access to the phishing site.

    Posted in Spam | Comments Off on iPhone 5S Phishing Mail Arrives In Time for Launch

    Facebook is undoubtedly the highest-profile social networking site around with more than 500 million active users, half of whom log in on any given day. It shouldn’t be a surprise therefore that its name is now being used for scams—even for things that don’t have anything to do with social networking.

    Earlier this week, we received fake email messages that purportedly came from Facebook. These spammed messages, written in very bad English, warned users that their IP addresses were sending numerous spammed messages to different email addresses.

    Read the rest of this entry »


    Promises of freebies and other enticing promos are just a few of the tricks cybercriminals use to lure users to their profiteering schemes. TrendLabsSM engineers recently discovered suspicious-looking emails pretending to come from the iTunes Store. The spoofed email tells users they won a gift certificate worth US$50 and encourages recipients to check out the certificate code in the .ZIP file attachment. Opening the attachment, however, did not contain a supposed code but instead malware detected as TROJ_SASFIS.HN.

    Click for larger view

    If executed, TROJ_SASFIS.HN drops the pgsb.lto (aka TROJ_DLOADR.SMVE) onto the system. This Trojan connects to websites to obtain instructions, which may include another URL wherein an updated copy of itself or another malware can be downloaded.

    Unfortunately, this is not the first time the iTunes Store has been used in malicious schemes, as evidenced by the following previous entries:

    Users should refrain from opening dubious email messages and be wary of opening their attachments. Trend Micro™ Smart Protection Network™ protects users from this kind of attack by blocking spam before they even reach their inboxes via the email reputation service. File reputation service, on the other hand, prevents the download of TROJ_SASFIS.HN and TROJ_DLOADR.SMVE onto affected systems.


    Cybercriminals—spammers, to be specific—typically hide their malicious intent behind well-known company names. Just recently, TrendLabs engineers encountered a spammed message claiming to be from the Apple Store.

    Click for larger view

    The email message encouraged users to view their latest status updates and to make changes to their online Apple Store orders. This new spam run is probably related to the imminent arrival of the iPad, which is slated to start hitting the U.S. market on April 3.

    The spam samples directed users to websites that are not even related to the Apple Store, making these emails highly suspicious. Further investigation shows that the URLs in the messages were found to be connected to a recently created domain that is involved in selling male enhancers such as Viagra and Cialis.

    The following are just some of the previous blog entries related to Apple and its products:

    As always, Trend Micro advises users to be extra careful when opening email messages they receive because cybercriminals will always attempt to lure possible victims through legitimate-looking spam.

    Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains via the Web reputation service.

    Non-Trend Micro product users can also stay protected from similar bogus email messages by using eMail ID, which uses a two-step verification process to help users quickly find legitimate messages.

    Posted in Spam | TrackBacks (3) »

    TrendLabs researchers received spammed messages purporting to have come from various companies such as eBay, J.P. Morgan Chase and Co., and Colgate-Palmolive, among others. The email bore the subject, “Payment request from,” and informs users about a certain recorded payment request.

    Click for larger view Click for larger view
    Click for larger view

    The spammed message even gave users two options—to either ignore the email if the payment request has been made or to download the attached .ZIP file and install the inspector module to decline the said payment request. If the user does not make any transaction, he/she still needs to download the attachment just to cancel the payment request. The attached .ZIP file is, of course, not an inspector module but an .EXE file (module.exe) detected by Trend Micro as TROJ_AGENTT.WTRA.

    Users are advised to be wary before opening any attached files even if they come from known sources. It is also best to verify emails you receive from any company first just to be sure it is legitimate. Trend Micro secures users from this attack via the Trend Micro Smart Protection Network™, which detects and blocks the spammed emails and prevents the download of the malicious file.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice