Microsoft Service Agreement Notification Spam

 Analysis by: Mark Christian Aquino

Important notifications such as security updates are critical for end users who need to protect their systems from threats. Ironically, cybercriminals leverage these same types of notifications to trick users into thinking that an email message is legitimate. We recently spotted a spam run that takes advantage of the newly released Microsoft Service Agreement. It employs the legitimate template of the Microsoft Service Agreement and has a .ZIP file attachment containing a malicious .EXE file. Trend Micro detects this as BKDR_ANDROM.AE.

Trend Micro protects users from this spam run via its Smart Protection Network™, which detects the malicious file and the spam. Users are strongly advised to first verify the accuracy of these notifications by contacting the organization or by going directly to its official website.
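The delivery pattern described above (a ZIP attachment carrying an .EXE) can be checked at a mail gateway or during triage. The following is an added example, not code from Trend Micro or from the original analysis; the subject line, file names, extension list and size limit are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")  # assumption: extensions to flag
MAX_NESTED_BYTES = 5 * 1024 * 1024                  # assumption: cap on nested ZIP size

def executables_in_zip(data, depth=0):
    """Return names of executable members in a ZIP, following nested ZIPs."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Windows ignores trailing dots and spaces, so strip them first.
                name = info.filename.lower().rstrip(". ")
                if name.endswith(EXECUTABLE_EXTS):
                    hits.append(info.filename)
                elif (name.endswith(".zip") and depth < 2 and not info.flag_bits & 0x1
                      and info.file_size <= MAX_NESTED_BYTES):
                    # Unencrypted, reasonably sized nested archive: look inside it.
                    hits += executables_in_zip(zf.read(info), depth + 1)
    except zipfile.BadZipFile:
        pass  # not a readable ZIP; nothing to report
    return hits

def scan_message(raw):
    """Return {attachment filename: [executable members]} for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # ZIP magic; do not trust the file extension
            hits = executables_in_zip(payload)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample(member="Agreement.exe"):
    """Constructed sample message: a ZIP attachment holding one placeholder member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "Service Agreement update (constructed sample)"
    msg.set_content("Constructed body text.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Agreement.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```
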

 SPAM BLOCKING DATE / TIME: September 17, 2012 GMT-8
  • ENGINE:6.8
  • PATTERN:9190