Another “Photo & Article” Being Spammed

Another piece of Breplibot malware is being spammed via email tonight, and Trend Micro will be detecting it as BKDR_BREPLIBOT.H. Our email honeypot intercepted a few sample mails with different subjects and bodies encouraging the recipient to open the attachment. Check out the Advisories page for other details of the spammed email.



It is also noted that some of the emails mention two URLs: www.TotalBusiness.com and www.Guardian.com. These web sites are totally legitimate. www.TotalBusiness.com is all about business: how to start one, finance it, market it, and so on. Meanwhile, www.Guardian.com is all about glass products. However, these two sites seem unaware that these spam emails are using their legitimate web sites, which may contribute to the social engineering being used by the malicious attacker.


Users should be well educated about spam emails and their attachments. Attachments in unsolicited emails, whether from known or unknown contacts, can be malware. The attachment may be a Zip or Rar archive containing an executable binary file with any of the following file extensions: scr, exe, pif, etc. Users are also advised to update their pattern files regularly. =)
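
A mail-gateway style check for the attachment pattern described above, as an added example that is not part of the original post and is not Trend Micro's detection logic: it opens Zip attachments (Rar is not covered, because Python's standard library cannot read it) and flags members ending in the extensions the post names. The function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in the post; its "etc." is deliberately not expanded.
RISKY_EXTENSIONS = {"scr", "exe", "pif"}

def risky_members(zip_bytes):
    """Return archive members whose final extension is in RISKY_EXTENSIONS."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            # Windows ignores trailing dots/spaces, and only the last
            # extension counts, so "photo.jpg.scr" is a .scr file.
            name = info.filename.rstrip(". ")
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if not info.is_dir() and ext in RISKY_EXTENSIONS:
                hits.append(info.filename)
    return hits

def scan_message(raw_message):
    """Map each Zip attachment's file name to the risky members inside it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Detect Zip by content, not by the claimed name or MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            hits = risky_members(payload)
        except zipfile.BadZipFile:
            hits = ["<unreadable archive>"]
        if hits:
            findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample():
    """Constructed sample mail: a Zip holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("photo.jpg.scr", b"placeholder, not a real binary")
        archive.writestr("readme.txt", b"constructed sample")
    msg = EmailMessage()
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="photo.zip")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns the attachment name mapped to the flagged member, which a gateway could use to quarantine the mail before delivery.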