Malicious e-mail attachments masquerade as plans to combat the crisis

Mar 12, 2009 12:08 GMT

Security researchers from anti-virus vendor Trend Micro warn of malicious e-mails targeting enterprise users. Malware distributors have resorted to passing off their malicious applications as plans to survive the global economic crisis.

The current state of the global economy is taking its toll on many individuals and companies, and analysts say it will only get worse. Faced with such harsh prospects, managers are under pressure to come up with solutions to keep their organizations afloat.

Managers are therefore very likely to seek professional or in-house suggestions in order to draft solid plans for combating the effects of the crisis. This is exactly what spammers are trying to capitalize on, the Trend Micro analysts caution.

A recent e-mail caught in the company's spam traps claims to be offering such a business-saving solution. What is most interesting about this e-mail is that it is set up to appear as a reply to a request from the targeted user.

The e-mail is in Spanish, but roughly translated into English it claims to be a response to the following request: "Good afternoon, Please send the recommendations to improve the business in the face of crisis. Attach the plan that was negotiated." The reply itself reads, "Hello. We are prepared, see the attached document. Make the payment according to our agreement."

The attached file is a .zip archive that appears to contain a .doc file. However, the .doc extension is a decoy: the true name of the file has the form Documento.doc___________________.exe. The trick works because the file name column of most archive managers is not wide enough by default to display very long names, so only the first part, Documento.doc, is likely to be visible.

The .exe file is a trojan dropper identified by Trend Micro as TROJ_DROPPER.HXK. "Apart from the nifty way of hiding the real extension name of the attached file, another notable thing about this attack is the format of the spammed message itself. The message is fashioned to seem as if the message is a reply to a message previously sent by the user. It even states the text that was supposedly sent by the user," Nino Penoliar, anti-spam research engineer at Trend, comments.

The fact that the spammers jump at any opportunity to profit from events that attract significant interest from users is not new. Yesterday, we reported how cybercrooks poisoned search results with malicious links after a curious file deployed by Symantec to its customers created an online stir.