Fake Optus and DIAC Notifications Lead To Backdoor

 Analysis by: Mark Christian Aquino

Optus, one of the largest telecommunication companies in Australia, along with the the Department of Immigration and Citizenship (DIAC), have both become victims of a recent spam campaign. We received samples of the campaign's spammed emails that target the customers of both organizations, each one made to look as though they've been sent by the organizations themselves.

Both spammed mails are similar in their approach in directing the user to open their attachments. In the spammed mail claiming to come from DIAC, the email body tells the user that their requested information is within the attached archive. The spammed mail allegedly coming from Optus meanwhile directs the user to check the attachment for their new temporary login details, following a change of password request.

The attachments are actually backdoor malware, and may exhibit their malicious routines once accessed by the user. The backdoor is detected as BKDR_ANDROM.ANI. 

Trend Micro customers are already protected from the spammed mails and the payload they carry. Users are also reminded to always be wary of unexpected correspondence such as these, and to always verify the identity of the sender first before opening any attachments.

 SPAM BLOCKING DATE / TIME: March 05, 2013 GMT-8
  • ENGINE:7.0
  • PATTERN:9690