Analysis by: Mark Christian Aquino

Email is the primary means for business and customer communications. As such, cybercriminals typically use spam email as an infection vector in order to infect system and consequently, penetrate an enterprise network. We recently spotted a spammed message, which informs users of important settings for Microsoft Outlook. It bore the subject, Important - New Outlook Settings. In addition, the source appears to be a spoofed address with the format Administrator@{domain}. The spam mail contains a password protected .ZIP file and the actual password is explicitly mentioned in the body of the email. In order to open the said .ZIP file, users are asked to use the password 'PaSdIaoQ'. The .ZIP file also contains a file named Outlook.exe , which is actually a malware detected by Trend Micro as TROJ_UPATRE.CI.

Trend Micro™ Smart Protection Network™ protects users from this threat via detecting the malicious file and spammed message. Users are advised not to open suspicious emails as this may introduce risks like malware infection.

 SPAM BLOCKING DATE / TIME: 13 November 2013 GMT-8
 TMASE
  • TMASE Engine: 7.0
  • TMASE Pattern: 0288

Zugehörige Datei