Email from Int. F.C.U contains trojan downloader

November 25, 2008 Leave a Comment

Messages with the subject Re: F.C. Doc. contain an attached file Doc_N012.zip that contain according to F-Secure the Trojan-Downloader.Win32.Small.aglf or known as Mal/EncPk-CO by Sophos.

The contents of the email:

Hello, onkar-amodik.

We send the updated report.
Ssory for a delay.
Look the attached file.

Tel: 028663

Best regards,
Int. F.C.U.  mailto:scott@planetterragen.com

The unpacked zip file contains the file: Doc_N012.Doc______________________________________.exe. Please be aware that subjects, body of the email and file names can change when new variants emerge.

It is a threat that attempts to open backdoor and allows unauthorized access to an infected machine. It will create the file %Temp%\system.ex, creates a new process and adds itself to the registry so that it runs each time when the computer boots.

VirusTotal Permalink and MD5: 28c8d27cb9da210a5480618a57788dde.

Filed under Viruses Tagged with , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

Please log in to WordPress.com to post a comment to your blog.

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 108 other followers