Michael Jackson has been dead for a week already, but there are still a lot of speculations regarding his death. The spam runs are plenty as well — a Michael Jackson-related spam was seen bearing the subject Who killed Michael Jackson?, coming from a sender named x-files.

The spam message suggests that the icon was killed, and that information on who murdered him can be seen on the given URL.

Clicking the said link leads to a website, where the user is asked to execute a file, which supposedly contains secret information, in order to find out who killed Michael Jackson.

But of course, the executable is not at all related to Michael Jackson’s murderer, or to Michael Jackson at all, as the file is really an data-stealer detected by Trend Micro as TROJ_ZBOT.AXY. The Trojan TROJ_ZBOT.AXY connects to a certain URL where it downloads a configuration file containing a list of banking-related websites. Once the user attempts to visit any of the listed sites, a spoofed site is displayed instead of the real one, thus any critical information entered on the spoofed site will be sent to a remote user.

This threat however, doesn’t stand a chance against the Smart Protection Network as of its all components — spam, URL and file — are already either blocked or detected.

Post from: TrendLabs | Malware Blog - by Trend Micro

Spam Speculates Michael Jackson’s Murder

Spam about diet or weight loss plans has been around for ages now, mostly spreading through email. However, it has recently made its rounds on Twitter, compromising unknowing accounts and spreading itself via those it has infected.

Compromised Twitter accounts post a tweet message that tells their followers to click on the shortened link to try out a new diet/weight loss plan:

When users click on the given link, they are redirected to possibly malicious websites that are related to the Acai Berry product:

Compromised accounts were possibly infected from previous Twitter spam attacks, as discussed in the following links, and are being used again for this new attack:

As of this writing, Twitter is already aware of this latest spam attack and has taken the necessary corrective actions to prevent the spam from spreading further.

Users are strongly advised to refrain from clicking the links contained in Tweets with similar messages, even if they come from a known or a trusted account. On the other hand, those users who think that their accounts may be one of those compromised should change their passwords as soon as possible.

Trend Micro™ Smart Protection Network™ protects product users from this kind of attack by blocking user access to the malicious domain and other related sites.

For Twitter users, follow @TrendMicro to get the latest security information and updates on how to be protected from new and upcoming threats.

Post from: TrendLabs | Malware Blog - by Trend Micro

Diet Twitter Spam (on the) Run

Text scams are increasingly becoming common again due to the forthcoming Philippine national and local elections, as political campaigns take to rampant text messaging for faster political mobilization. Earlier, I received a text message with the following content:

May GOD bountifuly bles u & ur family. Have a blissful day Fr Frends of UNI-MAD Party List, United Movement Against Drugs no.181′Luv ur famly, say NO 2 drugs.

According to the Philippine National Statistical Coordination Board, the National Telecommunications Commission (NTC) reported an average of 250 million text messages sent daily in 2005. A more updated study reported an upsurge, which more than doubled the said figure in 2009, along with a growth in the number of mobile phone users (i.e., over 63 million).

Numbers such as these in a country known as the “text capital of the world” set the stage for the proliferation of texts scams such as one that features the following message:

CONGRATULATIONS!!!Your # WON TOYOTA AVANZA car w/ 300thou via electronic last Dec.21,2009. For details,please call now Rene Samonte. of Phil. Info. Center on this #.

As similar instances of text scams have already occurred in the past, it is best to take heed and be wary of your mobile phone activities before you fall prey to potential text scams.

Post from: TrendLabs | Malware Blog - by Trend Micro

Text Spam and Text Scams

Spammers are clearly becoming more and more creative as they try new ways to bypass our anti-spam filters. Just recently, we received a spammed message disguised as a spam quarantine notification message from a competitor.

To the untrained eye, the email looks quite convincing. However, closer inspection of the message properties reveals that while the email purports to come from a certain security company, the sender’s domain name is indosatm2.com.

According to the spoofed mail, an email sent to the user has been blocked by the administrator. The user is then instructed to ignore the message if the blocked mail was indeed a spammed message or to click the embedded link to view the message.

The spammers may be trying to lure users by leveraging people’s natural curiosity. A user who wishes to know the content of the quarantined mail is thus likely to click the link. The said link currently redirects users to an already unavailable website. However, users are still advised to exercise caution when opening email messages and clicking links, even if these appear to be legitimate. It never hurts to be extra careful.

Trend Micro™ Smart Protection Network™ protects product users from this attack by preventing the spammed messages from reaching users’ inboxes via the email reputation service and by blocking access to malicious sites and domains via the Web reputation service.

Non-Trend Micro product users can also stay protected from similar bogus email messages by using eMail ID, which uses a two-step verification process to help users quickly find legitimate messages.

Post from: TrendLabs | Malware Blog - by Trend Micro

Spam Quarantine Notification = Spam