Analysis by: Mark Christian Aquino

The recent tragedy at China Railway's Guangzhou Station is the third and latest incident involving the railway and the hundreds of thousands of people who use it every day. On Tuesday, May 6, officials reported that at least 6 people were injured when an unconfirmed number of assailants began stabbing bystanders in Guangzhou station. Officials have blamed this attack on separatists from the Uighur minority group.

Despite the shock and terror that naturally follow such a horrific tragedy, cybercriminals have found a way to use this incident in their spamming routines. The team received samples of a spam email containing snippets of text related to the recent Guangzhou stabbing, as well as a link that, when clicked, downloads a malicious executable file, which Trend Micro detects as BKDR_KULUOZ.VLT.

All the spammed mails and their variants, along with their embedded URLs and all other elements related to this spam campaign, are detected and blocked by the Trend Micro™ Smart Protection Network™.

 SPAM BLOCKING DATE / TIME: May 09, 2014 GMT-8
 TMASE INFO
  • ENGINE:7.5
  • PATTERN:0678