Fake Invoice Notification Malspam Uses Dropbox Link To Spread Malware

 Analysis by: Mark Christian Aquino

The team received a mail sample recently, with the body of the mail written in Portuguese. Upon analysis, we discovered that the mail's FROM headers does not contain the same email domains and seems to be randomly generated. The mail's content talks about an issued invoice, and then goes on to ask the reader to click the link provided in the mail. The link, once clicked, would direct users to a legitimate dropbox link. The files that customer would download after clicking the link are far from legitimate, instead being malware which is detected by Trend Micro as TROJ_BANLOAD.IMO.

Users are asked to take extra precaution accessing emails from email addresses they are not familiar with and avoid clicking suspicious URLs inside the mail.

The spam mail and the links it contains are already detected and blocked. Trend Micro™ Smart Protection Network™ protects users from this threat by blocking the spam mail samples, as well as any related malicious URLs and malware.

 SPAM BLOCKING DATE / TIME: June 27, 2013 GMT-8
 TMASE INFO
  • ENGINE:7.0
  • PATTERN:9980