April 11th, 2007 by Ryan Flores
Good day everyone!
March seemed to be a relatively quiet month for malware authors. There was less mass-mailed malware, but we still saw a fair share of TROJ_ZLOBs and WORM_MYTOBs making their rounds. IM and web-based threats were seen in their usual numbers, with the more interesting ones discussed below.
One probable reason why March was a relatively quiet month is that it lacks an international event. January has New Year and February has Valentine's. March has, umm… well… it's summer in the Philippines and spring in the US, but not much of an event to use effectively for social engineering. The lack of "shocking" headlines could've contributed to the calmer March malware traffic too.
In a rather unusual attack on Middle Eastern countries, TrendLabs discovered a worm that executes only on machines with Arabic or Persian keyboard layouts. The malware's use of e-mail subjects and bodies that contain references to Israel, Iran, Lebanon, and Gaza solidifies its intent to infect Arabic- or Persian-speaking users.
In another round of social engineering attacks, TROJ_YABE uses another German company, this time German Telekom, in an attempt to fool users into downloading the malware. The malware arrives via e-mail claiming to be a bill from German Telekom. A few days earlier, TROJ_YABE was seen arriving as a confirmation e-mail from Apple Store Germany.