Statement January – October virus


MX Lab intercepted a new virus variant that is detected by only 5 of the 36 antivirus engines on Virus Total. It is detected as PAK_Generic.001 by Trend Micro, Backdoor.Win32.Haxdoor by Ikarus and Trojan:Win32/Emold.gen!C by Microsoft.

The emails are distributed with the subjects:

Data request
Attached Statement
Statement January – October
Account data
Account information

xxx.xxx Report 1/1/2008 – 10/1/2008. (where xxx stands for the name that is used in the email address)

This is the content of a sample:

Please take a look at the attached statement on your account. The statement was issued today upon request, and your data has been successfully altered.

Thank you for contacting us.
Sincerely,Gilda

or

Dear Valued Customer:

Your account ID: t.mario.flores

As requested, we are sending you this account report attached this mail between 1/1/2008 and 10/1/2008.

At your service,
Aurelia Schneider

The attachment has the name “tatement_Jan-Oct.zip” and, once extracted, contains the file “Statement_Jan-Oct.doc             .exe”. Naming can vary as new variants are spread. The spaces before .exe are a common trick to fool people: the file mostly appears to be a .doc file, while the actual file type sits further along in the file name.
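A mail gateway or triage script can catch this naming trick by inspecting the member names of a zip attachment. The following is an added example, not code from MX Lab; the extension lists, function names and the sample archive (harmless text placeholders) are constructed for illustration.

```python
import io
import re
import zipfile

# Extensions Windows executes directly (constructed, non-exhaustive list).
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
# Document-like extensions typically used as the visible decoy (constructed list).
DECOY_EXTS = {"doc", "pdf", "xls", "txt", "jpg", "rtf"}

# <stem>.<decoy><optional whitespace padding>.<real extension>
_PATTERN = re.compile(
    r"^(?P<stem>.+)\.(?P<decoy>[A-Za-z0-9]{1,5})(?P<pad>\s*)\.(?P<real>[A-Za-z0-9]{1,5})\s*$"
)

def check_name(name):
    """Return a dict describing the disguise, or None if the name looks normal."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any directory part
    m = _PATTERN.match(base)
    if not m:
        return None
    decoy, real = m["decoy"].lower(), m["real"].lower()
    if real not in EXECUTABLE_EXTS or decoy not in DECOY_EXTS:
        return None
    return {"name": base, "decoy": decoy, "real": real, "padding": len(m["pad"])}

def scan_zip(data):
    """Check every member name of a zip attachment passed in as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            hit = check_name(info.filename)
            if hit:
                findings.append(hit)
    return findings

def build_sample_zip():
    """Constructed sample: text placeholders stored under the disguised name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Statement_Jan-Oct.doc" + " " * 13 + ".exe", b"placeholder, not a program")
        zf.writestr("readme.txt", b"benign")
    return buf.getvalue()

if __name__ == "__main__":
    for f in scan_zip(build_sample_zip()):
        print(f"{f['name']!r}: shown as .{f['decoy']}, runs as .{f['real']} "
              f"({f['padding']} padding spaces)")
```

A padding count of zero still flags a plain double extension such as a .doc name ending in .exe, so the same check covers variants that drop the spaces.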

Virus Total permalink and MD5: 0d5908b1bc2881c7fb6cd30a48dee64c

2 thoughts on “Statement January – October virus”

  1. Very dangerous for the OS because it causes a crash of the system and the desktop subsequently not running

  2. A variant on the message text:

    There is a document added to this letter. The detailed report you wanted to receive is in it. It was successfully made over today

    Contuct customer support any time
    Sallie
