New VBS trojan: Emailing: PIC5398236.TIFF


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Emailing: PIC5398236.TIFF”.

This email is send from the spoofed address “xxxxx ” and has the following body:

The message is ready to be sent with the following file or link attachments:
PIC5398236.TIFF

Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.

The attached file PIC5398236.TIFF.zip contains the file PIC9020505.vbs. Not that the naming of the email, ZIP archive and malware file may vary with each email.

The malware is detected by 3/54 AV engines at Virus Total and the analysis is available on Malwr.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s