Analysis by: Dhan Praga

TrendLabs engineers have intercepted new spam samples that use social engineering tactics to trick users into downloading a backdoor onto their systems. The attack starts when users receive an email notification (Figure 1) purporting to originate from Facebook. When users click any of the links in the email body, they are directed to a website (Figure 2) that appears to be affiliated with the social networking site. The site, a supposed download page for the nonexistent 'Facebook Messenger', also contains links that point to the same location where FacebookMessengerSetup.exe-1 can be downloaded. Trend Micro detects this malicious executable file as BKDR_QUEJOB.EVL.
 Spam blocking date/time: April 17, 2011 22:48:00 GMT-8
 TMASE
  • TMASE Engine: 6.5
  • TMASE Pattern Version: 8080

Related Malware