Analysis by: Michael Angelo Casayuran

Location-based social networking website Foursquare.is now being used as a lure for spam attacks. Trend Micro spotted two spammed messages pretending to be notifications from Foursquare. One pretends to be an alert that someone has left a message for the recipient, while the second message pretends to be a friend confirmation notification.


The email seems legitimate with the address noreply@foursquare.com in the 'From' field. It also uses a legitimate-looking MessageID, which is a unique identifier that serves as the thumbmark of an email. Similar to previous spam attacks that used popular social networking sites, attackers here also disguised malicious URLs. These URLs led its victims to an empty webpage containing another URL that leads to a website promoting sex enhancement drugs.

 SPAM BLOCKING DATE / TIME: April 21, 2012 GMT-8
 TMASE INFO
  • ENGINE:
  • PATTERN:8854