Capsized South Korean Ferry Used in Spam

 Analysis by: Mark Christian Aquino

On April 16, 2014, news of the incident involving the South Korean ferry ‘Sewol’, which carried 476 passengers, shocked the world. As with other major news, tragic or not, spammers did not hesitate to use this story to lure unsuspecting users into their social engineering ploy.

Spammed messages leveraging this news carry a malicious .ZIP file attachment containing malware detected by Trend Micro as BKDR_KULUOZ.SMAL. The email supposedly contains a court order notifying the recipient of his/her scheduled court hearing. Although the email does not mention the capsized ferry directly, snippets of the news appear at the bottom of the email, a common technique spammers use to bypass spam filters.
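The pattern described above (an archive attachment plus unrelated news text at the bottom of the body) can be checked on the receiving side. The following Python is an added example, not Trend Micro's detection logic; the word-overlap heuristic, the 0.2 threshold, and the sample messages, addresses and file names are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

ARCHIVE_EXTS = (".zip",)  # the spam on this page carried a .ZIP attachment
MIN_OVERLAP = 0.2         # assumed threshold; tune against real mail

def _words(text):
    # Lower-cased words of 4+ letters, a crude stand-in for topic terms.
    return set(re.findall(r"[a-z]{4,}", text.lower()))

def inspect_message(raw_bytes):
    """Flag mail with an archive attachment and an off-topic final paragraph."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    archives = [a.get_filename() for a in msg.iter_attachments()
                if (a.get_filename() or "").lower().endswith(ARCHIVE_EXTS)]
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    paras = [p for p in re.split(r"\n\s*\n", body.strip()) if p.strip()]
    overlap = 1.0  # a single-paragraph body has no appended tail to compare
    if len(paras) > 1:
        head = _words(str(msg["subject"] or "") + " " + " ".join(paras[:-1]))
        tail = _words(paras[-1])
        if tail:
            overlap = len(head & tail) / len(tail)
    unrelated = overlap < MIN_OVERLAP
    return {"archives": archives, "tail_overlap": overlap,
            "unrelated_tail": unrelated,
            "suspicious": bool(archives) and unrelated}

def build(subject, paragraphs, attachment_name=None):
    # Builds a constructed test message; addresses and names are made up.
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("\n\n".join(paragraphs))
    if attachment_name:  # placeholder bytes, not a real archive
        m.add_attachment(b"PK\x03\x04constructed", maintype="application",
                         subtype="zip", filename=attachment_name)
    return m.as_bytes()

LURE = build("Notice of court hearing", [
    "You are hereby notified of your scheduled court hearing. "
    "Please review the attached court order before the hearing.",
    "Rescue teams continued searching the capsized ferry off the southern "
    "coast as divers battled strong currents."], "Court_Notice.zip")
BENIGN = build("Quarterly report archive", [
    "Attached is the quarterly report archive for review.",
    "Please review the quarterly report archive and reply."], "report.zip")
print(inspect_message(LURE)["suspicious"], inspect_message(BENIGN)["suspicious"])
```

A low overlap score alone is weak evidence, since legitimate mail often ends with unrelated footers; the check is meant to raise priority only in combination with the archive attachment.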

Users are advised to be wary of spammed messages that capitalize on news such as this. Trend Micro protects users from this threat via its Smart Protection Network, which detects the spam and malware.

 SPAM BLOCKING DATE / TIME: April 16, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:0636