Spam Associated With Phony Wire Transfer Download Trojan

McAfee AVERT Labs is reporting widespread spam involving messages about phony 'wire transfers', according to MSMVPS on December 24, 2008.

According to McAfee's researchers, these messages arrive in users' mailboxes as a reply to their query about the so-called wire transfer.

A spam mail sample that McAfee AVERT Labs released shows that the message talks about the release of the wire transfer. The e-mail also includes the 'beneficiary's' name, his 'ABA ROUTING' number along with his account number and the total sum in that account. There is also a bank statement in the e-mail attached as a zip file. The e-mail also asks the recipient to check the statement so that he can report back if everything in the statement is correct.

But when users open the file "bank_statement.scr" inside the zip attachment, it downloads a Trojan called BackDoor-DSG. At the same time it downloads an innocent-looking PDF document taken from a legitimate website, and the Trojan opens that document to deceive the user. The PDF document, however, has nothing to do with the wire transfer.

McAfee AVERT Labs also reveals that the Trojan is repacked in changed versions for other e-mails, so that each e-mail message differs from the others. In addition, the malware developers changed the resource sections within those files, for instance the file properties and icons. In one example, McAfee observed Chrome and Adobe PDF icons associated with the bank statement files.

Meanwhile, the malicious code and crafted resources are the result of server-side polymorphism intended to bypass anti-virus software. McAfee AVERT Labs identifies the current surge of the malware as the BackDoor-DSG.dldr downloader Trojan, which installs files called BackDoor-DSG, with DAT 5474.

Researchers at McAfee AVERT Labs further add that, with users expecting e-commerce messages during the holiday season (Christmas and New Year 2009), these genuine-looking e-mails could easily fool users. They could get e-mail recipients to open the messages, leading to harmful content being downloaded onto their computers.
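Because each message carries a differently packed file, a check on the attachment's structure holds up where a file hash does not. The following Python sketch is an added example, not code from McAfee or the original article: it flags executable members such as "bank_statement.scr" inside zip attachments. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types Windows runs as programs; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}


def risky_zip_members(raw_email: bytes) -> list:
    """Return (attachment name, member name) for executables inside zip attachments."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Decide by content: the attachment name and MIME type are sender-controlled.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Windows ignores trailing dots/spaces; only the last extension counts.
                ext = os.path.splitext(member.rstrip(". "))[1].lower()
                if ext in EXECUTABLE_EXTS:
                    hits.append((part.get_filename() or "", member))
    return hits


def build_sample(member_name: str, filler: bytes) -> bytes:
    """Constructed test message: zip attachment holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, filler)
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "Re: wire transfer"
    msg.set_content("Please check the attached statement.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # Two repacked variants differ byte-for-byte but are flagged identically.
    for filler in (b"variant one", b"a different variant"):
        print(risky_zip_members(build_sample("bank_statement.scr", filler)))
```

The check reads only the top-level archive listing, so nested archives would need to be unpacked and examined the same way.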

» SPAMfighter News - 1/1/2009
