Analysis by: Mary Isabel Segismundo

We recently received several different spammed messages, all of which contain links leading to malware. The first message pretends to be a hotel confirmation message with a link to download the recipient's “electronic hotel reservation.” Another message contains a link to documents related to a supposed bank notification from Lloyds Bank.

Shipping invoices, fax messages, and encrypted messages are the “lures” used in the other spammed messages. Just like the first two messages, all of these contained a link to download the file in question.

Should users click the links, they may be redirected to other pages before the malware is downloaded onto their computers. The downloaded malware in all five messages is TROJ_UPATRE.SM01. Once executed, UPATRE downloads other malware onto the computer, notably ZBOT and CRILOCK.

Users are advised to be cautious when opening emails from supposedly known sources, as these may not be what they appear to be. In this particular instance, the messages used the names of popular companies like Lloyds Bank, NatWest Bank, and DHL. It is highly advisable to immediately delete emails from unknown sources. Users are also advised to use security solutions that can detect spammed email messages and malware.
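The following script is an added example, not part of this advisory and not Trend Micro's code, showing the kind of mail-side check the advice above points at: it parses a message, pulls every link out of the body, and flags the message when a lure theme named in this advisory (hotel reservation, bank notification, shipping invoice, fax, encrypted message) or an impersonated brand name is combined with a download link whose host does not belong to that brand. The brand-to-domain table and the three sample messages are constructed assumptions for the example, not data from the advisory.

```python
"""Lure-detection heuristic for download-link spam (added example; assumptions
are marked in comments). Uses only the Python standard library."""
from __future__ import annotations

import re
from email import message_from_string
from email.message import Message
from html.parser import HTMLParser
from urllib.parse import urlparse

# Lure themes quoted in the advisory; matched case-insensitively in subject and body.
LURE_THEMES = (
    "hotel reservation", "bank notification", "shipping invoice", "fax", "encrypted message",
)

# Brands named in the advisory mapped to domains their genuine mail would link to.
# ASSUMPTION: the domain list is illustrative for this example, not taken from the page.
BRAND_DOMAINS = {
    "lloyds bank": ("lloydsbank.com",),
    "natwest": ("natwest.com",),
    "dhl": ("dhl.com",),
}


class _LinkExtractor(HTMLParser):
    """Collects href values from <a> tags in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value)


def _body_text(msg: Message) -> str:
    """Return the decoded text of every text/* part, joined with newlines."""
    chunks = []
    for part in msg.walk():  # walk() yields the message itself for single-part mail
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def extract_links(raw_message: str) -> list[str]:
    """Parse the raw message and return every distinct URL found in its body."""
    body = _body_text(message_from_string(raw_message))
    extractor = _LinkExtractor()
    extractor.feed(body)
    # Also catch bare URLs in plain-text parts; dict.fromkeys keeps order and dedups.
    bare = re.findall(r"https?://[^\s<>\"']+", body)
    return list(dict.fromkeys(extractor.hrefs + bare))


def _host_matches(host: str, domains: tuple[str, ...]) -> bool:
    return any(host == d or host.endswith("." + d) for d in domains)


def assess(raw_message: str) -> dict:
    """Score one message; returns the reasons it looks like a download lure."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{msg.get('From', '')}\n{_body_text(msg)}".lower()
    links = extract_links(raw_message)
    reasons = []
    themes = [t for t in LURE_THEMES if t in text]
    if themes and links:
        reasons.append(f"lure theme {themes} combined with link(s) {links}")
    for brand, domains in BRAND_DOMAINS.items():
        if brand in text:
            for link in links:
                host = (urlparse(link).hostname or "").lower()
                if host and not _host_matches(host, domains):
                    reasons.append(f"mentions {brand!r} but links to {host}")
    return {"suspicious": bool(reasons), "reasons": reasons, "links": links}


# Constructed sample resembling the hotel-reservation lure; not a real message.
SAMPLE_LURE = """From: "Reservations" <noreply@example.net>
Subject: Your electronic hotel reservation
Content-Type: text/html; charset=utf-8

<html><body><p>Your hotel reservation is ready.</p>
<a href="http://download.example.org/reservation.zip">Download your electronic hotel reservation</a>
</body></html>
"""

# Constructed sample of a brand-impersonation lure linking off-brand.
SAMPLE_BRAND_LURE = """From: "Lloyds Bank" <secure@example.com>
Subject: Important bank notification
Content-Type: text/html; charset=utf-8

<html><body><a href="http://files.example.org/docs.zip">View documents</a></body></html>
"""

# Constructed benign sample: a bank brand linking to its own (assumed) domain.
SAMPLE_BENIGN = """From: "Lloyds Bank" <alerts@lloydsbank.com>
Subject: Statement ready
Content-Type: text/plain; charset=utf-8

Your statement is available at https://www.lloydsbank.com/statements
"""

if __name__ == "__main__":
    for label, sample in (("lure", SAMPLE_LURE), ("brand", SAMPLE_BRAND_LURE), ("benign", SAMPLE_BENIGN)):
        print(label, assess(sample))
```

The check is deliberately conservative: a lure theme alone is not enough, it must co-occur with a link, and the brand check only fires when the message names a brand but links elsewhere, which is the pattern described above for the Lloyds Bank, NatWest Bank, and DHL lures.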

SPAM BLOCKING DATE / TIME: September 18, 2014 GMT-8
TMASE INFO
• ENGINE: 7.5
• PATTERN: 0960
