Sly Spam Run Targets Hotmail Users

Senior Security Analyst Rik Ferguson reports that spam messages arrive with text indicating that it has file attachments that are image files with the JPEG format. In truth however, the file names of attachments are actually links that connect to shortened URLs, which in turn connect to malicious URLs.

Connecting to the malicious URLs, which are now blocked, leads to the download of the malicious file fotos.com which is now detected as TROJ_DLOADR.AQJ. The said file, in turn, downloads a wide variety of information-stealing malware. The malicious URLs and files are all blocked through the Trend Micro Smart Protection Network.

Quite noteworthy is the fact that the links were crafted to, at first glance, look very similar to how file attachments are displayed in most emails. An envelope-shaped icon is even seen at the side of each of the links, which is typical for file attachments.

The attachment details are indicated not in the message area, but above it, along with the other fields. The number of attached files are supposed to be stated right under the email address in the To: field. The size of the attached file is displayed beside the file name. The attached images are always displayed at the bottom of the message. Hotmail users are advised not to click on any of the links contained in messages that do not display the abovementioned details.