Dutch emails with Report.zip attached contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the following possible subjects:

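Fwd: Vertel de fiscus [English: Tell the tax authorities]
Fwd: Niet in het derde kwartaal van dit jaar! [English: Not in the third quarter of this year!]
Informeer de belastingsdienst! [English: Inform the tax authorities!]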
Order
Order #98314389
Re: adviser id: 586452.
Re: profile consultation id: 90616
The answer id: 79858
Your request id: 52018110.

The email is sent from different spoofed addresses and has the following body:

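Hallo
U moet de rekening betalen voor het einde van de week.
Details in de bijgevoegde documenten…

[English: Hello. You must pay the bill before the end of the week. Details in the attached documents…]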

The attached ZIP file is named Report.zip and contains the 41 kB file Report.Docx____**____.exe (the filename is padded with many underscores to hide the .exe file type extension at the end).
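A mail gateway or triage script can flag this naming trick without unpacking anything. The following is an added example, not MX Lab's code: it reads only the member names of a ZIP attachment and reports executables hidden behind a decoy document extension and filler padding. The extension lists, the padding threshold of four characters, and the sample archive (harmless placeholder bytes) are assumptions made for the illustration.

```python
import io
import re
import zipfile

# Extensions Windows runs directly (assumed list; extend for your environment).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions users associate with harmless documents (assumed list).
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "jpg", "rtf"}
# A decoy extension that appears inside the name, before the real one.
DECOY_RE = re.compile(r"\.(?:" + "|".join(DECOY_EXTS) + r")(?![A-Za-z0-9])", re.I)
# A run of filler long enough to push the real extension out of view.
PADDING_RE = re.compile(r"[_\s*\-]{4,}")


def classify_name(name: str) -> list[str]:
    """Return the reasons a ZIP member name looks like a disguised executable."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, dot, ext = base.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXTS:
        return []
    reasons = ["executable"]
    if DECOY_RE.search(stem):
        reasons.append("decoy-extension")
    if PADDING_RE.search(stem):
        reasons.append("padding")
    return reasons


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Inspect member names only; nothing is extracted or executed."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            reasons = classify_name(info.filename)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed archive: placeholder bytes under a name following the post's pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report.Docx__________.exe", b"placeholder, not a real binary")
        zf.writestr("notes.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample()))
```

A name that carries all three reasons is a strong quarantine signal; "executable" alone only says the archive ships a program.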

The trojan is known as W32/Yakes.B!tr (Fortinet), UDS:DangerousObject.Multi.Generic (Kaspersky), Posible_Worm32 (TheHacker).

At the time of writing, only 4 of the 43 AV engines at VirusTotal detected the trojan.

VirusTotal permalink and SHA256: 5037236777f3d320482de732688243faa192ade3bcbbda57472407d7b1219cfe.

One Response to Dutch emails with Report.zip attached contains trojan

  1. Judith says:

    received it just now, sender was; devnull (mineral@montana.edu)
    thought it was a virus so checked google and saw this entry, thanks!
    deleted it right away!
