If there’s one thing that security experts and spammers share in common, it’s that they both think outside the box. Time and time again, we see spammers come up with new techniques or even recycle old tactics just to effectively lure users.
And this is no exception…
Trend Micro Advanced Threats Researcher Loucif Kharouni discovered a spammed email message supposedly coming from TIM Brazil, a popular mobile company in the country. What’s interesting about the message is that appears to be sent via SMS or Short Message Service. Here’s a sample email message:
Figure 1. Sample of TIM Brazil spam
This message tricks users into clicking a link to view a certain video. Users who click on the said link unknowingly download a CPL file detected by Trend Micro as TROJ_DLOAD.KW or another malicious file detected as TROJ_DLOAD.KY. Both files are hosted on the URL hxxp://{BLOCKED}r.alice.it. Here’s a screenshot of the page where the files are hosted:
Figure 2. The link in the email message leads users to this page.
Kharouni says this is the first time he has encountered this type of spam. He believes that the messages were just faked to look like they were sent via SMS. This may be a cause of concern as this social engineering technique shows a crossover between the use of both mobile devices and the Web as infection vectors. SMS spam used to propagate only through mobile devices before. Though the spammed messages in this run do not appear to be sent through SMS, spammers may now be going to that direction.
The Trend Micro Smart Protection Network already blocks the email messages involved in this spamming operation. It also detects TROJ_DLOAD.KW and TROJ_DLOAD.KY and provides solution for their cleanup and removal. Users are strongly advised to be wary of clicking links in unexpected email messages, even if they seem to be sent by legitimate sources.
Other threats related to mobile devices:
