A post today on Trend Micro’s TrendLabs Malware blog pointed out how spammers will use the upcoming G-20 Summit as a way to distribute their content.
It works like this: The spammer sends emails out, they appear to come from the Japanese finance ministry and contain comments on issues related to the Summit.
Should you click on the link, it will lead to a .ZIP file, and when that is run, it opens a Word document which helps cover its tracks so that it does not appear to be malicious… Trend explains that what REALLY happens is that a malicious file is contained in the payload, and the registry is modified so that it is run at startup.
Trend Micro Worry Free Business Security Advanced and ScanMail as well as other Trend Micro products successfully detect this as the appropriately named “TROJ_DROPPER.WTH” and stops it before it gets into your system. The actual malicious file is detected as “TROJ_AGENT.JAAK”.
This is nothing new, every major news-worthy event for the past few years has served as a transport mechanism for various malware and spam messages. If a spammer uses “US President Attacked” as a topic, chances are good, if the from address looks legitimate that a large percentage of people will open it. If that message contains ONLY spam, then at the very least, thousands or tens of thousands of people have just seen their ad about some product or another. If it contains a link to a malicious site, many will follow that link if it looks enticing.
As always, use common sense, and be sure to employ some form of mail system protection. We recommend Trend Micro WFBS Advanced for small businesses like our own.
If you would like additional information about Trend Micro’s security products, or how you can stop or at least cut down on spam that affects your Microsoft Exchange Server, email us at info@homelandsecureit.com or call 864.990.4748. We offer Greenville and Upstate businesses free consultations, and we can help reduce your spam and mail issues!