TrendLabs Web content security analysts recently received spammed messages that purported to be from hi5, “a global destination where young people meet and play.” The site claims to have more than 50 million monthly visitors and to be the third largest social media site in the world.
The bogus email asks users to add its sender to their lists of friends just like any normal social networking invitation. What is odd about this email, however, is that it first asks recipients to download and open an attachment, which supposedly contains an invitation.
Unsuspecting users who are tricked into downloading and opening the compressed file (Invitation Card.zip) end up executing malware detected as WORM_PROLACO.AA instead of an invitation. The attachment appears to contain a file named Document.htm. Expanding the Name column in the window, however, reveals that the supposed .HTM file is really a malicious .EXE file.
The social engineering technique used in this spam run is probably one of the oldest tricks in the “Spammers’ Handbook,” if there is one. This is precisely why users are always reminded to be wary of opening email messages from people they do not know and to scan file attachments before downloading them onto their systems.
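A mail gateway or analyst can check archive entry names for this disguise before a user ever sees the truncated Name column. The following is an added example, not TrendLabs code: it assumes the real name is the visible name followed by padding and an executable extension (the post only says that widening the column reveals the .EXE), and the extension lists and function names are this example's own choices.

```python
import io
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".htm", ".html", ".doc", ".pdf", ".txt", ".jpg"}

def split_ext(name):
    """Split 'stem.ext' at the last dot, ignoring trailing whitespace."""
    name = name.rstrip()
    dot = name.rfind(".")
    return (name[:dot], name[dot:].lower()) if dot > 0 else (name, "")

def classify(entry_name):
    """Return why an archive entry name is deceptive, or None if it is not."""
    base = entry_name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, ext = split_ext(base)
    if ext not in EXECUTABLE_EXTS:
        return None
    padding = len(stem) - len(stem.rstrip())  # spaces hiding the real extension
    _, decoy = split_ext(stem)
    if decoy in DECOY_EXTS:
        kind = "padded double extension" if padding else "double extension"
        return f"{kind}: shows as {decoy}, runs as {ext}"
    return None

def scan_zip(data):
    """List (display_name, reason, starts_with_MZ) for deceptive entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reason = classify(info.filename)
            if reason:
                with zf.open(info) as fh:
                    is_pe = fh.read(2) == b"MZ"  # DOS/PE executable header
                findings.append((" ".join(info.filename.split()), reason, is_pe))
    return findings

def build_sample():
    """Constructed attachment: inert placeholder bytes, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Document.htm" + " " * 60 + ".exe", b"MZ-placeholder")
        zf.writestr("readme.txt", b"hello")
        zf.writestr("setup.exe", b"MZ-placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

An honestly named `setup.exe` is deliberately not flagged here, since the check targets the disguise rather than executables in general; a gateway policy would normally block those separately.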
Trend Micro™ Smart Protection Network™ protects users from this threat by preventing the spammed messages from even reaching their inboxes via its email reputation service. It also detects and blocks the malicious file from being downloaded onto and executed in users’ systems via its file reputation service.
Non-Trend Micro product users can also stay protected from this threat via eMail ID, a free tool that helps them avoid opening and acting on email messages attempting to spoof real companies.