Innovative income-generation system

When you receive a message with a subject “Innovative income-generation system which YOU ordered” with the Unique Income Generation Toolkit (UIGT) and the file Instruction.zip attached to it, do not fall for it. the virus is know as Worm.Win32.AutoRun.ohz by Kaspersky or the Trojan.Kobcka.FR by Bitdefender.

Dear Valued Customer,

Order ID: 74347
Order Total: $59.99

Description: Innovative income-generation system

We are sending you the Unique Income Generation Toolkit (UIGT) developed by the Institute of Innovative Business and Financial Technologies (IIBFT), which you ordered on 9/21/2008.

Your unique UIGT activation code is: DAAAA3E5-B6

Please take a look at the instruction and get acquainted with the activation system, which is strictly confidential.

Please find the list of the company‚s addresses and phone numbers along with further information on UIGT in the enclosed instruction.

______________________________

If you believe this message has reached you by mistake, please contact the support service via phone or e-mail provided in the same instruction.

Respectfully,
Manager (IIBFT)
Andrew Long

The malware can be described as a debugger that is injected into the execution sequence of a target application. This ‘debugger’ can then be run everytime an application is started on an infected computer

the file %ProgramFiles%\Microsoft Common\wuauclt.exe is created, Windows registry will be modified and connection can be made by the virus to servers on the internet http://*****.ru/ld.php?v=1&rs=13441600&n=1&uid=1.

MX Lab has intercepted a few samples of this virus but there’s no outbreak – at least on our systems and at this time of writing – but only 9 of the 36 anti virus engines do detect the virus so it’s important not to open the attachement and run the exe.

Virus Total permlink and MD5: 2ddc320f9b9e1302696166e8372072ba.