Unilever Spammed Mail Downloads Malware

 Analysis by: Neil Yves Pondo

Trend Micro researchers spotted spammed mail claiming to be from the Brazilian branch of Unilever, a British-Dutch multinational consumer goods company originally based in the United Kingdom. The body of the message (written in Portuguese) informs the reader in that the company has sent a copy of a document pertaining to contractual procedures for the user's benefit and perusal, and that the document itself could be downloaded by clicking on the provided hyperlink. The hyperlink, when clicked, leads to a malicious file that downloads itself onto the user's system.

Users should never take suspicious messages such as this at face value, and should always seek to verify the information provided first before following its instructions. Verification should always be made through an alternative source, such as calling the company hotline.
 SPAM BLOCKING DATE / TIME: April 20, 2012 GMT-8
 TMASE INFO
  • ENGINE:6.8
  • PATTERN:8852