Spammers are constantly using simple social engineering tactics that scare people into opening malicious files. This is definitely not a first time and it seems this method is rather successful. TrendLabs reports a new form of spam email containing a malicious file attachment that have been spreading over the Internet. This time the subject is “Your internet access is going to get suspended”. The spam email claims to come from ICS Monitoring Team telling recipients that they have to stop their illegal downloading of copyrighted material or else their Internet access will be suspended.
The spam email claims that a report of the recipient’s activities for the past six months is in the attached zipped file. Apparently, instead of the said report, the zipped file contains a malicious executable file named user-EA49943X-activities.exe.
The malicious file is currently detected as TROJ_MEREDROP.GJ by TrendLabs. It drops two files, both GOLDUN variants. This Trojans are known information stealers that monitor the Internet browsing activities of affected users. In this particular case the cyber-criminals intend to steal credentials related to the online banking site www.e-gold.com.
This is not the first time malware authors have disguised themselves as the ‘Internet police’. Trend Micro researchers already found spam which also presented users with the same ISP Consorcium spill used in the spam.
No comments:
Post a Comment