Websense: Alert Russian language spam campaign
April 2009 by Websense
Websense Security Labs™ ThreatSeeker™ Network has discovered a new Russian language spam campaign spreading widely by email, that lures users into downloading a fake SMS reader application.
We have received hundreds of these malicious emails through our HoneyPot system. The email messages are written in Russian and claim to introduce the latest version of their SMS Reader V4.0, which can download SMS messages to any mobile phone anonymously and automatically. At the end of the email they provide the link to download a free trial version which, when clicked, downloads a trojan file with MD5 104032f2a5789a2468fb47005ae256ee. See AV detection report here. Each spam email contains a URL link to a seemingly randomly-named executable hosted on Russian hosting servers.
Screenshot of the email:
Websense® Messaging and Websense Web Security customers are protected against this attack.