G20 summit related malicious spam campaign

Spammers are taking advantage of the oddest things. The lately detected spam messages concerning the upcoming G-20 summit in Korea is an example of such a specifically oriented, but very limited spam attack:

According to Trend Micro, the message seems to be coming from the Japanese finance ministry and contains a link to a .zip file that supposedly is a Word document containing comments on “two strategic questions facing the Korean G20 Presidency”.

Unfortunately for the recipients who opened it, the file actually contains a dropper Trojan. When run, it opens a Word document to make the victim believe that the file they downloaded is legitimate, while it drops another Trojan in the background – which modifies the registry in order for the malicious file to be run every time the computer is powered on.