Email “My new photo ;)” contains a variant of Win32/Injector.BKLN trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan variant distribution campaign by email with the subject “My new photo ;)”.

This email is send from the spoofed addresses and has the following short body in very poor English:

my new photo 😉
if you like my photo to send me u photo

The attached ZIP file has the name photo.zip, once extracted a folder photo is available with that contains the 127 kB large file photo.exe.

The trojan is known as a variant of Win32/Injector.BKLN, W32/Trojan.VXSW-3691, Spyware.Zbot.ED, Dropper-FLV!45F22B6FFADD, BehavesLike.Win32.Rontokbro.cm or Trojan.Win32.Agent (A).

At the time of writing, 6 of the 52 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: cf92b278257c352c156205e41e63ef06b08bee7b8c3fac73955a8c3cb7f180f7.

4 thoughts on “Email “My new photo ;)” contains a variant of Win32/Injector.BKLN trojan

Comments are closed.