Statement January – October virus
October 17, 2008 2 Comments
MX Lab intercepted a new virus variant that is detected by only 5 of the 36 antivirus engines on VirusTotal. The virus is known as PAK_Generic.001 by Trend Micro, Backdoor.Win32.Haxdoor by Ikarus, or Trojan:Win32/Emold.gen!C by Microsoft.
The emails are distributed with the subjects:
Data request
Attached Statement
Statement January – October
Account data
Account information
xxx.xxx Report 1/1/2008 – 10/1/2008 (where xxx stands for the name that is used in the email address)
This is the content of a sample:
Please take a look at the attached statement on your account. The statement was issued today upon request, and your data has been successfully altered.
Thank you for contacting us.
Sincerely,Gilda
or
Dear Valued Customer:
Your account ID: t.mario.flores
As requested, we are sending you this account report attached this mail between 1/1/2008 and 10/1/2008.
At your service,
Aurelia Schneider
The attachment has the name “tatement_Jan-Oct.zip” and, once extracted, contains the document “Statement_Jan-Oct.doc .exe”. Naming can vary as new variants are spread. The spaces before .exe are a common trick to fool people: the file mostly appears to be a .doc file, while the actual file type sits further along in the file name.
VirusTotal permalink and MD5: 0d5908b1bc2881c7fb6cd30a48dee64c

Very dangerous for the OS because it causes a crash of the system, and subsequently the desktop does not run.
A variant on the message text:
There is a document added to this letter. The detailed report you wanted to receive is in it. It was successfully made over today
Contuct customer support any time
Sallie