New spam campaign uses school reunion tactic

News by SC Staff

Spam messages are being sent out posing as invites to school reunions.

Spam messages are being sent out posing as invites to school reunions.


According to research by Trend Micro, class reunion invitations that are supposedly sent from are being seen in spam. Recipients of the messages are asked to click on a link found in the message to get the details of the ‘reunion' and also see a related video.


The company claimed that the messages appear to have been sent out by spam bots using dynamic IPs from different dialup and broadband ISPs, with the file detected as TROJ_AGENT.ADB.


Anti-spam research engineer, Florabel Baetiong wrote in a blog: “Clicking on the link would actually direct users to a malicious webpage. In this page, a message prompts users to update their Adobe player to be able to view the reunion video, thus tricking them into executing a malicious file.”


Baetiong explained that the Trojan connects to a remote URL to download TSPY_AGENT.AHCN, spyware that gathers information, Internet Explorer passwords and WinInetCacheCredentials, which are protected storage items.


The information-stealing routine risks the exposure of victim's sensitive information, which may then be used by cybercriminals for malicious purposes. TSPY_AGENT.AHCN also has rootkit capabilities that enable it to hide its files and processes from a user.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews