MX Lab started to intercept a few emails with the subject “scan upon download” coming from randomly spoofed email addresses.
The trojan is named Suspicious:W32/Malware!Gemini (F-Secure) or Mal/TibsPk-D (Sophos) and is able to create malicious executable files on the infected system.
The body of the email:
Dear Sirs,
We have prepared a contract and added the paragraphs that you [...]
Email with subject “scan upon download” contains trojan
Email regarding Conflicker.B Infection Alert contains a trojan
MX Lab started to intercept emails with the subject “Conflicker.B Infection Alert”. The trojan is names Win32:Bredolab-CC (Avast), Generic Dropper.lr (McAfee) or Trojan.Win32.Bredolab.Gen.2 (Sunbelt).
The from address is spoofed and can contain “Microsoft Team”. The emails is signed by “Microsoft Windows Computer Safety Division” to make it appears that it is from Microsoft itself.
The email has the [...]
Spam campaign from Canadian Pharmacy also contains web based threats
MX Lab detected several email based threats in a spam campaign from Canadian Pharmacy masked as an order confirmation of Amazon.
The campaign comes from the spoofed email address Customer Support <***.***@service.amazon.com> and has the possible following subjects (*** numbers will vary):
Confirm #***
Confirmation Order #***
Notice #***
Notify #***
Notification #***
Order Confirmation #***
Order Notice #***
Order Notify #***
Order Notification #***
The [...]
Twitter, Google and Hi5 being abused in Prolaco worm distribution
Twitter, Google and the social networking site Hi5 are being abused in an email campaign to distribute the Prolaco worm. The campaigns have the following characteristics. Note that the email addresses are spoofed.
The malware is known as Worm.Win32.Prolaco.gen (Sunbelt), Worm:Win32/Prolaco.gen!C (Microsoft) and Worm.Win32.Prolaco (Ikarus).
Twitter
From: <invitations@twitter.com>
Subject: Your friend invited you to twitter!
Attachment: Invitation Card.zip (approx 348 kB)
Body [...]
“updated account agreement” email contains Bredolab trojan
MX Lab started to intercept emails with the subject “updated account agreement” that contains the Bredolab trojan. The campaign is designed for Facebook users because of the content. The email comes from the spoofed email address and contains “Facebook Team”.
The body of the email:
Dear Facebook user,
Due to Facebook policy changes, all Facebook users must submit [...]
Bredolab trojan on the move
MX Lab noticed an increase in intercepted Bredolab trojan variants that are spread by email. The Bredolab variants are distributed by different campaigns.
Do you like to find a girlfriend like me ?
One campaign has the subject “Do you like to find a girlfriend like me ?” and targets female singles in a certain way:
Wish to [...]
Win a Macbook Air and get the trojan Obfuscator for free
MX Lab intercepted emails with the subject “Congratulation!!”. The message informs you that you have won an Apple MacBook Air and for more details you will need to open the attached file.
Congratulations!! You have won todays Macbook Air.
Please open attached file and see details.
Seems tempting but by doing so you will in fact unleash the [...]
Email based update for Microsoft Outlook – Outlook Express contains trojan
MX Lab started to intercept messages with the subject “Update for Microsoft Outlook / Outlook Express (KB910721)”. These messages appear to come from the Microsoft Support department and contains instructions to install a new update for Microsoft Outlook / Outlook Express:
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical [...]
ZBot trojan aims AIM users
MX Lab intercepted a few emails regarding AOL Instant Messenger accounts but in fact, the included URL leads to a web site that hosts malware. The malware is know as Trojan-Spy.Win32.Zbot.gen (Kaspersky), PWS:Win32/Zbot.gen!R (Microsoft) or Trojan.Zbot!gen3 (Symantec).
The email comes from the spoofed address AIM <no_reply_instant_messenger@aol.com> with possible subjects like:
Your AIM account is flagged as inactive
Your AIM account [...]
New Bredolab trojan variants in DHL and UPS tracking emails
MX Lab intercepted several email messages with new Bredolab trojan variants in the traditional style: emails regarding the tracking of a parcel. We noticed new campaigns using the DHL and UPS tracking style. We will cover them both in this article at the same time.
The trojan is known as Trojan.Win32.Bredolab, Trojan-Downloader:W32/Bredolab.WI or TrojanDownloader:Win32/Bredolab.AB.
UPS Tracking Number
The [...]
