Analysis by: Fjordan Allego

The death of actor Robin Williams on August 12, 2014 came as a shock to people all over the world. The news of the actor's untimely death spread online like wildfire and quickly became a popular topic among netizens, including spammers and cybercriminals.

As soon as the news broke about Robin Williams' passing, we intercepted a spammed email that mentions the actor's name in its subject line. The spam's content is written in Spanish and asks recipients to download a 'shocking' video about Williams' death.

The 'video' mentioned in the email was found to be hosted on the file-sharing site 4Shared. Clicking the supposed video link instead downloads an executable file named VIDEO_MPG3453.exe. This suspicious file is currently detected as WORM_GAMARUE.WSTQ.
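The mismatch described above, a download presented as a video that is really a Windows executable, can be checked at a mail or web gateway. The following is an added example, not Trend Micro's detection logic; the keyword list, extension set, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import re

# Extensions Windows executes directly (common, non-exhaustive set; assumed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Heuristic tokens that make a file name read like a media file (assumed).
MEDIA_HINT = re.compile(r"video|movie|clip|mpe?g|mp4", re.IGNORECASE)

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def classify_download(filename: str, data: bytes) -> str:
    """Return a gateway verdict based on the file name and its leading bytes."""
    stem, dot, ext = filename.rpartition(".")
    ext = (dot + ext).lower() if dot else ""
    media_name = bool(MEDIA_HINT.search(stem or filename))
    pe_content = is_pe(data)
    executable = ext in EXECUTABLE_EXTS or pe_content
    if media_name and executable:
        return "block: executable posing as media"
    if pe_content and ext not in EXECUTABLE_EXTS:
        return "block: PE content under non-executable extension"
    if executable:
        return "review: executable download"
    return "allow"

# Constructed sample inputs: a minimal PE header stub and an MP4 'ftyp' header.
FAKE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
FAKE_MP4 = b"\x00\x00\x00\x18ftypmp42" + b"\x00" * 64

if __name__ == "__main__":
    samples = [
        ("VIDEO_MPG3453.exe", FAKE_PE),   # file name reported in this entry
        ("VIDEO_MPG3453.mpg", FAKE_PE),   # same content, renamed (constructed)
        ("report.pdf", FAKE_PE),          # constructed
        ("holiday_clip.mp4", FAKE_MP4),   # constructed
    ]
    for name, blob in samples:
        print(f"{name:20} {classify_download(name, blob)}")
```

Checking the content's header as well as the name means a renamed copy of the same file is still caught.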

We will continue to monitor threats that take advantage of similar trending topics to spread malware. Users are strongly advised to only click and share links from reputable and legitimate sources.

Trend Micro blocks all threats associated with this attack.

 SPAM BLOCKING DATE / TIME: August 13, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:0878