Analysis by Cyril Coronado

Is it normal to receive confidential information from a government unit’s email address? Well, think again. Cybercriminals are leveraging a government-owned email address to lure unsuspecting users into installing malware.

Recently, we spotted spammed messages that purport to come from the U.S. Department of the Treasury about a certain “Notice of Outstanding Obligation.” In the body, users are instructed to reply by checking the attached .ZIP file and signing the supposed document in it. The sender also added a legitimate phone number of the department in case the recipient encounters a problem. To make the message look more formal, a case number was also mentioned at the end of the subject. Moreover, contact details appear at the bottom of the email message to make it seem legitimate. The email attachment contains a malicious file detected by Trend Micro as TSPY_FAREIT.AMQ.

Trend Micro protects users from this threat via its Smart Protection Network, which detects the spam and the malicious file. Users are advised to be wary of opening email messages even if they come from seemingly known sources.

 SPAM BLOCKING DATE / TIME: 01 February 2013 GMT-8
 TMASE
  • TMASE Engine:
  • TMASE Pattern: 9610