Analysis by: Mary Isabel Segismundo

The G20 Summit in Australia is the latest topic to be used in spammed messages. We encountered emails urging recipients to join a rally that supposedly intends to raise awareness about the human rights crisis in Tibet. This rally is to be staged during the summit. The spammed message claims that the rally was organized by the Australia Tibetan Community Association, the Australia Tibet Council and eight local Tibetan communities. The email also contains a document attachment.

The attachment is a Trojan detected as TROJ_EXPLOYT.PEL. It drops another piece of malware, detected as BKDR_GHOST.PEL, onto the computer. Both threats, along with the spammed message, are blocked by Trend Micro products. We strongly advise users who receive such an email to delete it.

 SPAM BLOCKING DATE / TIME: November 14, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:1102