TSPY_TINBA Delivered as an Attachment to Your Order

 Analysis by: Cedrick Ramos

Spammed messages that go by the name "zamowienie", which translates to "Order" in English, have been seen circulating with a .ZIP attachment. When opened, the attachment installs data-stealing malware detected by Trend Micro as TSPY.TINBA.YYSOS.

While it is a common occurrence for spam mail to carry malware, some users are still duped into opening attachments like these. The spammer's use of a different language may also suggest that these messages are aimed at specific users who are able to understand that language. We strongly advise users to refrain from opening mail like this.

 SPAM BLOCKING DATE / TIME: February 26, 2016 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2158