Email with subject “scan upon download” contains trojan

MX Lab started to intercept a few emails with the subject “scan upon download” coming from randomly spoofed email addresses.
The trojan is named Suspicious:W32/Malware!Gemini (F-Secure) or Mal/TibsPk-D (Sophos) and is able to create malicious executable files on the infected system.
The body of the email:
Dear Sirs,
We have prepared a contract and added the paragraphs that you [...]

Twitter, Google and Hi5 being abused in Prolaco worm distribution

Twitter, Google and the social networking site Hi5 are being abused in an email campaign to distribute the Prolaco worm. The campaigns have the following characteristics. Note that the email addresses are spoofed.
The malware is known as Worm.Win32.Prolaco.gen (Sunbelt), Worm:Win32/Prolaco.gen!C (Microsoft) and Worm.Win32.Prolaco (Ikarus).
Twitter
From: <invitations@twitter.com>
Subject: Your friend invited you to twitter!
Attachment: Invitation Card.zip (approx 348 kB)
Body [...]

“updated account agreement” email contains Bredolab trojan

MX Lab started to intercept emails with the subject “updated account agreement” that contain the Bredolab trojan. Judging by the content, the campaign is designed for Facebook users. The email comes from the spoofed email address and contains “Facebook Team”.
The body of the email:
Dear Facebook user,
Due to Facebook policy changes, all Facebook users must submit [...]

Bredolab trojan on the move

MX Lab noticed an increase in intercepted Bredolab trojan variants that are spread by email. The Bredolab variants are distributed by different campaigns.
Do you like to find a girlfriend like me ?
One campaign has the subject “Do you like to find a girlfriend like me ?” and targets female singles in a certain way:
Wish to [...]

Win a Macbook Air and get the trojan Obfuscator for free

MX Lab intercepted emails with the subject “Congratulation!!”. The message informs you that you have won an Apple MacBook Air and for more details you will need to open the attached file.
Congratulations!! You have won todays Macbook Air.
Please open attached file and see details.
Seems tempting but by doing so you will in fact unleash the [...]

Email based update for Microsoft Outlook – Outlook Express contains trojan

MX Lab started to intercept messages with the subject “Update for Microsoft Outlook / Outlook Express (KB910721)”. These messages appear to come from the Microsoft Support department and contain instructions to install a new update for Microsoft Outlook / Outlook Express:
Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical [...]

ZBot trojan aims AIM users

MX Lab intercepted a few emails regarding AOL Instant Messenger accounts, but in fact the included URL leads to a web site that hosts malware. The malware is known as Trojan-Spy.Win32.Zbot.gen (Kaspersky), PWS:Win32/Zbot.gen!R (Microsoft) or Trojan.Zbot!gen3 (Symantec).
The email comes from the spoofed address AIM <no_reply_instant_messenger@aol.com> with possible subjects like:
Your AIM account is flagged as inactive
Your AIM account [...]

New Bredolab trojan variants in DHL and UPS tracking emails

MX Lab intercepted several email messages with new Bredolab trojan variants in the traditional style: emails regarding the tracking of a parcel. We noticed new campaigns using the DHL and UPS tracking style. We will cover them both in this article at the same time.
The trojan is known as Trojan.Win32.Bredolab, Trojan-Downloader:W32/Bredolab.WI or TrojanDownloader:Win32/Bredolab.AB.
UPS Tracking Number
The [...]

New Bredolab variant targets MySpace users with MySpace Password Reset email

MX Lab detected a new virus campaign containing a new Bredolab variant. The campaign has the same characteristics as the Facebook Password Reset email campaign. The trojan goes by the name Win32:Bredolab-BL (Avast) or W32/Bredolab!Generic2 (F-Prot).
The email is sent from the spoofed address <confirmation@myspace.com> and has the subjects:
MySpace Password Reset Confirmation!
MySpace Password Reset Confirmation! Order NR.4648.
The number [...]

Christmas malware SantasGift.exe

It is a tradition that new email threats emerge at the end of the year and more spam goes around, and this year we also expect to face new threats.
MX Lab started to intercept messages with the subject line “Jingle bells, jingle bells.. Ho ho ho Santa Claus is coming!!”. The message contains an [...]