MX Lab intercepted a new virus variant that is detected by only 5 of the 36 antivirus engines on VirusTotal. The virus is known as PAK_Generic.001 by Trend Micro, Backdoor.Win32.Haxdoor by Ikarus, and Trojan:Win32/Emold.gen!C by Microsoft.
The emails are distributed with the subjects:
Statement January – October
xxx.xxx Report 1/1/2008 – 10/1/2008. (where xxx stands for the name that is used in the email address)
This is the content of a sample:
Please take a look at the attached statement on your account. The statement was issued today upon request, and your data has been successfully altered.
Thank you for contacting us.
Dear Valued Customer:
Your account ID: t.mario.flores
As requested, we are sending you this account report attached this mail between 1/1/2008 and 10/1/2008.
At your service,
The attachment has the name “tatement_Jan-Oct.zip” and, once extracted, contains the document “Statement_Jan-Oct.doc .exe”. Naming can vary as new variants are spread. The spaces before .exe are a common trick to fool people: the file mostly appears to be a .doc file, while the actual file extension sits further along in the file name.
VirusTotal permalink and MD5: 0d5908b1bc2881c7fb6cd30a48dee64c