Spam Campaign Circulates Malware using Phony Lawsuit Notice
According to a TrendLabs blog post published on March 28, 2010, the security firm received samples of spam e-mails posing as lawsuit notices. These e-mails told recipients that a lawsuit involving copyright violation had been filed against them and that they had to defend themselves.
Reportedly, the spam e-mails purported to be from Crosby & Higgins and Marcus Law Center, both genuine law firms. The e-mails carried what was presented as a copy of the legal suit.
The spam attack apparently aims to frighten users into downloading and executing a Trojan on their systems. The fright is incited with the so-called legal suits over copyright violation. Threats of legal action sent by e-mail are a popular way of deterring unlawful file sharing, which makes such messages all the more credible.
Trend Micro researchers who examined the new spam attack said that one of the e-mails included a Web link that supposedly led to a copy of the lawsuit. Another e-mail contained a .doc attachment said to give the alleged lawsuit's details. Following the link or opening the attachment, however, delivered malware that Trend Micro detected as TROJ_DLOADR.AUI and TROJ_AGENT.STM rather than more information on the so-called lawsuit.
Earlier, on March 26, 2010, Omid's Blog had reported the same incident, saying that it had come across an e-mail with a malicious RTF attachment that was likewise dispatched as an alleged lawsuit notice. That e-mail, however, didn't give the name of the company, and it took a shotgun approach rather than a targeted one.
As reported by the SANS diary, several .edu websites also received a similar e-mail.
In the meantime, Sunbelt's anti-virus specialists indicate that another spam campaign uses a similar method, in which malicious executable files are hidden in attached documents. Users who view these documents see the name and icon of what appears to be a .PDF file, but the icon is linked to an embedded .exe file.
Hence, security experts advise that users must be very careful when they are asked to open attachments or to click on Web-links in e-mails so as to remain safe from possible exploitation.
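A defender can check attachments for the embedded-executable disguise described above before a user ever opens them. The following Python sketch is an added example, not code from Trend Micro, Sunbelt or any of the cited reports; it assumes the attachment is an RTF file whose embedded object is stored as plain hex in an `\objdata` group, and the function names, extension list and sample documents are constructed for illustration.

```python
import re

# Extensions treated as directly executable on Windows (assumed list for this example).
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
DOS_STUB = b"This program cannot be run in DOS mode"
# Hex payload of an embedded object: {\*\objdata <hex digits and whitespace>}
OBJDATA_RE = re.compile(rb"\\objdata\b([0-9a-fA-F\s]+)")
# Printable ASCII string ending in a file extension and terminated by NUL.
NAME_RE = re.compile(rb"[\x20-\x7e]{3,}\.[A-Za-z0-9]{2,4}(?=\x00)")


def scan_rtf(data: bytes) -> list:
    """Return one finding per embedded object that carries an executable."""
    findings = []
    for match in OBJDATA_RE.finditer(data):
        hex_text = re.sub(rb"\s+", b"", match.group(1)).decode("ascii")
        blob = bytes.fromhex(hex_text[: len(hex_text) // 2 * 2])  # drop odd nibble
        names = [n.decode("ascii") for n in NAME_RE.findall(blob)]
        executables = [n for n in names if n.lower().endswith(EXEC_EXT)]
        pe_header = b"MZ" in blob and DOS_STUB in blob
        if executables or pe_header:
            findings.append({"offset": match.start(), "names": names,
                             "executables": executables, "pe_header": pe_header})
    return findings


def constructed_sample() -> bytes:
    """Constructed test document: a PDF-looking label over an .exe path and a fake PE stub."""
    payload = (b"lawsuit.pdf\x00C:\\tmp\\lawsuit.exe\x00"
               b"MZ\x90\x00" + b"\x00" * 8 + DOS_STUB)
    return (b"{\\rtf1 Notice of lawsuit {\\object\\objemb{\\*\\objclass Package}"
            b"{\\*\\objdata " + payload.hex().encode("ascii") + b"}}}")


def constructed_benign() -> bytes:
    """Constructed test document: embedded object holding only PDF data."""
    payload = b"report.pdf\x00%PDF-1.4 constructed body"
    return b"{\\rtf1 {\\object\\objemb{\\*\\objdata " + payload.hex().encode("ascii") + b"}}}"


if __name__ == "__main__":
    for finding in scan_rtf(constructed_sample()):
        print("embedded executable:", finding)
```

A finding whose `names` list holds a document-style label alongside an entry in `executables` is the mismatch worth quarantining; this heuristic does not decode obfuscated or non-hex object data.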
» SPAMfighter News - 13-04-2010