Email from Int. F.C.U contains trojan downloader

Messages with the subject "Re: F.C. Doc." carry an attached file, Doc_N012.zip, which contains a trojan downloader detected by F-Secure as Trojan-Downloader.Win32.Small.aglf and by Sophos as Mal/EncPk-CO.

The contents of the email:

Hello, onkar-amodik.

We send the updated report.
Ssory for a delay.
Look the attached file.

Tel: 028663

Best regards,
Int. F.C.U.  mailto:scott@planetterragen.com

The unpacked zip file contains the file: Doc_N012.Doc______________________________________.exe. Please be aware that subjects, body of the email and file names can change when new variants emerge.
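The following is an added example, not part of the original post: a mail-gateway style check that lists the members of a zip attachment and flags names where a document extension is followed by padding and an executable extension, as in the file name above. The extension lists, the padding threshold and the sample archive are assumptions constructed for this example.

```python
import io
import re
import zipfile

# Assumed lists for this example (not exhaustive, not from the original post).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "txt", "jpg"}
MIN_PADDING = 8  # assumed threshold for padding meant to push the real extension out of view

# decoy extension, optional padding (underscores, spaces, dots), real extension
PADDED = re.compile(r"\.([A-Za-z0-9]{2,4})([_ .]*)\.([A-Za-z0-9]{2,4})$")


def classify_name(name):
    """Return the reasons an archive member name looks deceptive (empty list if none)."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # ignore any directory part
    match = PADDED.search(base)
    if not match:
        return []
    decoy, padding, real = match.group(1).lower(), match.group(2), match.group(3).lower()
    if real not in EXECUTABLE_EXTS or decoy not in DECOY_EXTS:
        return []
    reasons = ["double-extension"]
    if len(padding) >= MIN_PADDING:
        reasons.append("padded-extension")
    return reasons


def scan_zip(data):
    """Map each suspicious member name in a zip (given as bytes) to its reasons."""
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        names = [info.filename for info in archive.infolist()]
    return {name: classify_name(name) for name in names if classify_name(name)}


def build_sample_zip():
    """Constructed sample: harmless bytes stored under a name shaped like the one above."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("Doc_N012.Doc" + "_" * 38 + ".exe", b"placeholder, not a real binary")
        archive.writestr("notes.txt", b"benign")
    return buffer.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(member, "->", ", ".join(why))
```

Only member names are inspected, so the archive is never extracted and nothing in it is executed.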

The threat attempts to open a backdoor that allows unauthorized access to the infected machine. It creates the file %Temp%\system.ex, starts a new process and adds itself to the registry so that it runs each time the computer boots.

VirusTotal Permalink and MD5: 28c8d27cb9da210a5480618a57788dde.
