Spam Mails with Hoax Contract Installs Trojan

According to Trend Micro security researchers, spam mails are being distributed with a zip attachment that actually carries a malicious program. The attachment is named "Contract of Settlements" and the mail poses as being sent from LSM Company, as reported by Trend Labs on October 24, 2009.

LSM Company is a group based in London, which provides a useful and effective end-to-end solution to process billing, payroll and credit management utilities.

The researchers stated that, unlike normal junk messages, the current spam mails had proper spelling and professional-sounding wording. The messages purported to discuss a contract, saying that if the recipients agreed with the contract's terms and conditions, they would get payment on October 23, 2009 for the first shipment. However, the contract agreement contained in the attachment was actually a malicious executable named contract_1.exe, which Trend Micro detected as TROJ_FAKEALE.JH.

Upon execution, TROJ_FAKEALE.JH connected to http://{BLOCKED}edrdosubor.com/K1er0Lj5n8H0NM4E8h0u, where another variant of FAKEAV named TROJ_FAKEAV.BQN awaited users.

The researchers also said that it was not possible for users to scan the .ZIP file because it was password protected. However, the e-mail supplied a password, apparently for unlocking the file. Another reason for password-protecting the file was to make users believe that everything about it was legitimate.

The risk is high because some overenthusiastic people, hoping that the unsolicited contract received over the Net will materialize, would enter the password. What naturally follows is infection of the computer by the Trojan.
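A mail filter does not need the password to notice this pattern. The following Python sketch is an added example, not code from Trend Micro or SPAMfighter; it assumes the archive uses traditional ZIP encryption, which leaves entry names and flags readable, and the attachment name contract.zip, the extension list and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for illustration; tune to local policy.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def encrypted_executables(zip_bytes):
    """Names of encrypted entries that end in an executable extension."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            # Bit 0 of the general-purpose flags marks an encrypted entry;
            # the entry name itself is stored in the clear.
            return [i.filename for i in zf.infolist()
                    if i.flag_bits & 0x1
                    and i.filename.lower().endswith(RISKY_EXT)]
    except zipfile.BadZipFile:
        return []  # not a ZIP archive, or too damaged to list

def scan_message(raw_bytes):
    """Map attachment name -> encrypted executable entries inside it."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits = encrypted_executables(payload)
        if hits:
            findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_constructed_sample():
    """Constructed test mail: harmless placeholder bytes, flag bit forced on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("contract_1.exe", b"placeholder, not a real binary")
    data = bytearray(buf.getvalue())
    data[6] |= 0x01                                # local header flags
    data[data.find(b"PK\x01\x02") + 8] |= 0x01     # central directory flags
    msg = EmailMessage()
    msg["Subject"] = "Contract of Settlements"
    msg.set_content("The password for the attached archive is in this mail.")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="contract.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_constructed_sample()))
```

A gateway can quarantine on this result alone, since the combination of an encrypted archive, an executable entry name and a password in the message body is rarely legitimate.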

A Trojan typically contains harmful or malicious code embedded in seemingly innocuous data. It gives the malware's controller unauthorized access to the infected computer and the opportunity to do damage, such as disrupting the arrangement of data files on the system's hard drive.

Finally, the researchers said that the current attack, which tries to infect innocent Internet users' computers, resembled the attacks of late 2008, several of which used popular companies' names, further increasing users' temptation to open the attachments. It is therefore advisable that users avoid viewing e-mails that appear suspicious.


» SPAMfighter News - 04-11-2009

 
