    TrendLabs Security Intelligence Blog

    Archive for the ‘Spam’ Category




    Early this year, Microsoft reported an increase in macro-related threats being used to spread malware via spam. Similarly, we’ve been seeing a drastic increase in spammed emails with attached Microsoft Word documents and Microsoft Excel spreadsheets that come with embedded macros. Macros are sets of commands or code meant to help automate certain tasks, but recently the bad guys have yet again been using them heavily to automate their malware-related tasks as well. Here are some recent blog ...

    Posted in Malware, Spam |


    Mar 23, 11:19 am (UTC-7)

    Recently I discussed how TorrentLocker spam was using email authentication for its spam runs. At the time, I suggested that these spam runs were using email authentication to gather information about victim networks and potentially improve the ability to evade spam filters. DomainKeys Identified Mail's (DKIM) own specification mentions the possibility of messages from “trusted sources” and with a valid signature being whitelisted. Since then, we’ve received several replies that differ with our findings. One of these was Martijn Grooten at Virus Bulletin, who argued that ...

    Posted in Spam | TrackBacks (2) »


    Mar 22, 9:22 pm (UTC-7)

    Analysis by Marshall Chen, Yi Lee, and Joe Wu

    Brand owners frequently use SPF and DKIM to protect their brands from email forgery. For example, a brand owner could register the same domain name under multiple top-level domains (TLDs) (such as .com, .net, .org, etc.) and announce SPF/DKIM records for all of these domains (even if they were not actively being used). While generally effective, there is one loophole: what about the .gov TLD? This loophole was recently exploited in a massive phishing attack against American Express, which started ...

    Posted in Spam | TrackBacks (2) »



    In monitoring the ransomware TorrentLocker, we noticed a new development in its arrival vector. In previous entries, we noted that a particular wave of the crypto-ransomware was using spammed messages that were designed to evade spam filters. Our research now shows that TorrentLocker malware is using emails that are designed to pass spam filters and also collect information.

    Using SPF to DMARC

    Previous spammed messages were authorized by the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). SPF provides a mechanism to allow ...

    Posted in Malware, Spam |



    The malware UPATRE gained much prominence following the demise of the Blackhole Exploit Kit. It has since been known as one of the top malware seen attached to spammed messages and continued to be so throughout 2014, with particularly high numbers seen in the fourth quarter of the year. We have released our annual roundup where we talked about the different trends related to spam, and this entry offers a closer look.

    Looking back at 2014: Notable Spam Trends

    Based on our ...

    Posted in Spam |


     
