Pixmania gift voucher email contains trojan in ZIP file
January 9, 2013 8 Comments
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Pixmania.com gift voucher code”.
The email is send from “Pixmania.com” with a spoofed email address and has the following body:
The attached ZIP file has the name voucher.zip and contains the 122 kB large file voucher.scr.
The trojan is known as a variant of Win32/Kryptik.ARTR, Trojan.Generic.KD.823865, Artemis!32D03167D51A or WS.Reputation.1.
At the time of writing, 13 of the 45 AV engines did detect the trojan at Virus Total.
Virus Total permalink and SHA256: 088aa2ff181efea185749728f40eb8005e0cbf5ae13acf0823ad32aecdccc843.
thanks
I got this today. It said the voucher was for 100 EUR and sent to me by “Ima”, and the sender address appeared to be from the domain grandhotelduomo.it (possibly faked?).
I got it also, and was happy to find your article, helped me take the decision to delete the mail and its content ! I’m spreading this to all my friends and family …
Thx again !
Thank you.
I got it too (I am from Poland).
Yes, i got it too. The Zip file with the voucher.scr file looked suspicious to me. So I deleted the email. And again: if an offer looks too good to be true, it probably is!
Got it too (France) Deleted too.
Received same message this week. THANKS for the warning!
I suspected it was something shady and tested it on an old computer i had no use for. The .scr file did nothing. I feel cheated. At least they could’ve made a screensaver with “Haha! I jus trojaned your computer!”