We’ve observed a new malicious spam threat that arrives as an email promoting a free software trial that purportedly can be used to spy on people’s SMS (Short Message Service) messages. The spammers are claiming that this software can be used to snoop around the SMS messages of your partner, or for general SMS spying, and a URL is provided for a download of a 30-day free trial of the software.
Unfortunately the URL leads a user to download an executable file that goes by different names, such as sms.exe, smstrap.exe, and freetrial.exe—all of which are nothing but pieces of malicious code. Symantec security products identify the particular malware served up in this attack as W23.Waledac.
As is common in spam, these messages target human emotions such as fear, jealousy, and suspicion to spread the malware. But, as always, Symantec recommends that you remain wary of messages that arrive from an unknown or unexpected source. Remember, if it sounds too good to be true, it probably is.
These particular spam emails are coming in with a variety of subject lines, such as:
Subject: Read her messages
Subject: Read his messages!!!
Subject: How well do you know your partner?
Subject: Keep a spy eye on your Girlfriend's mobile
Subject: Are you interested in reading other people's sms?