Statement January – October virus

MX Lab intercepted a new virus variant that is detected by only 5 of the 36 antivirus engines on Virus Total. The virus is identified as PAK_Generic.001 by Trend Micro, as Backdoor.Win32.Haxdoor by Ikarus, and as Trojan:Win32/Emold.gen!C by Microsoft.

The emails are distributed with the subjects:

Data request
Attached Statement
Statement January – October
Account data
Account information Report 1/1/2008 – 10/1/2008. (where xxx stands for the name that is used in the email address)

This is the content of a sample:

Please take a look at the attached statement on your account. The statement was issued today upon request, and your data has been successfully altered.

Thank you for contacting us.


Dear Valued Customer:

Your account ID: t.mario.flores

As requested, we are sending you this account report attached this mail between 1/1/2008 and 10/1/2008.

At your service,
Aurelia Schneider

The attachment has the name “” and, once extracted, contains the file “Statement_Jan-Oct.doc             .exe”. Naming can vary as new variants are spread. The spaces before .exe are a common trick to fool people: the file mostly appears to be a .doc document, while the actual file type is further along in the file name.
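A mail-filter check for the padded double extension described above, added here as an example and not MX Lab's own code. It assumes the attachment is a ZIP archive; the extension lists, function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Extensions that Windows runs directly (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# Document-like extensions typically shown as the decoy (constructed list).
DECOY_EXTS = {"doc", "xls", "pdf", "txt", "jpg", "rtf"}

# A short extension, a run of whitespace, then the real extension at the end.
PADDED = re.compile(r"\.(\w{2,4})(\s+)\.(\w{2,4})\s*$")

def classify_name(name):
    """Return 'padded-double-ext', 'double-ext', 'executable' or 'ok'."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = PADDED.search(base)
    if m and m.group(3).lower() in EXECUTABLE_EXTS:
        return "padded-double-ext"
    parts = base.lower().rstrip().split(".")
    if len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS:
        return "double-ext"
    if len(parts) >= 2 and parts[-1] in EXECUTABLE_EXTS:
        return "executable"
    return "ok"

def scan_zip(data):
    """Classify every member name of a ZIP attachment supplied as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: classify_name(info.filename) for info in zf.infolist()}

def build_sample_zip():
    """Constructed sample archive; member contents are harmless placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Statement_Jan-Oct.doc             .exe", b"placeholder")
        zf.writestr("notes.txt", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()).items():
        print(f"{verdict:18} {member!r}")
```

Checking the member names inside the archive matters here because the outer attachment name alone does not reveal the executable.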

Virus Total permalink and MD5: 0d5908b1bc2881c7fb6cd30a48dee64c

2 thoughts on “Statement January – October virus”

  1. Very Dangerous for OS because it provides crash of system and subsequential not running desktop

  2. A variant on the message text:

    There is a document added to this letter. The detailed report you wanted to receive is in it. It was successfully made over today

    Contuct customer support any time
