New year gift from Amazon sent by a friend contains malware

January 19, 2012 Leave a Comment

MX Lab, http://www.mxlab.eu, intercept a few samples of a new trojan found in emails with the subject  ”A friend just sent you a new year gift from amazon” sent from the spoofed address “amazon seller <customer_amzon.com@correo.rgm.com.co>”.

The email has the following body:

Good day,
We are to inform you that someone just sent you a gift from amazon.com,
below is the recipt kindly open and track the order. Wishing you a lovely year ahead.
Best regards,
Amazon.com

The malware  is approx. 221 kB large and listens to the name file4402_fdp.exe.

The trojan is known as Win32:Malware-gen (Avast), Trojan.Win32.VBKrypt.imoz (Kaspersky), Artemis!798A4ABB09D7 (McAfee), Mal/Generic-L (Sophos).

At the time of writing, 24 of the 43 AV engines did detect the trojan at Virus Total.

Virus Total permalink and SHA256: 40bbaa3e93e50dbdc2b615ae383c3c36c0ab358c311a39efaf6c1246b71ef903.

Filed under Malware, Viruses Tagged with , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 109 other followers