Spam Mails with Hoax Contract Installs Trojan

According to Trend Micro security researchers, spam mails are being distributed with a .ZIP attachment that actually carries a malicious program. The attachment is named "Contract of Settlements" and poses as being sent from LSM Company, as reported by Trend Labs on October 24, 2009. LSM Company is a group based in London that provides a useful and effective end-to-end solution to process billing, payroll and credit management utilities.

The researchers stated that, unlike normal junk messages, the current spam mails had proper spelling and professional-sounding wording. The messages discussed a contract, saying that if the recipients agreed with the contract's terms and conditions, they would get payment on October 23, 2009 for the first shipment.

However, the contract agreement contained in the attachment was actually a malicious executable named contract_1.exe that Trend Micro detected as TROJ_FAKEALE.JH. Upon execution, TROJ_FAKEALE.JH connected to http://{BLOCKED}edrdosubor.com/K1er0Lj5n8H0NM4E8h0u, where another variant of FAKEAV named TROJ_FAKEAV.BQN awaited users.

The researchers also said that it was not possible for users to scan the .ZIP file because it was password protected. However, the e-mail provided a password, apparently for unlocking the file. Another reason for protecting the file with a password was to make users believe that everything about it was legitimate. The risk is high because some overenthusiastic people, hoping that the unsolicited contract would materialize, would enter the password. What would follow is infection of the computer by the Trojan.
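A password-protected .ZIP hides the file contents from a scanner, but in the standard ZIP format the entry names and the per-entry encryption flag are stored unencrypted, so a mail filter can still triage a message like the one described above. The following Python code is an added example, not code from Trend Micro or SPAMfighter; the function names, finding labels, extension list and the sample message (its body text, password and placeholder file bytes) are constructed for illustration, and it assumes the archive does not use central-directory encryption.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

def inspect_zip(data):
    """Read the unencrypted central directory: encrypted entries and risky names."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    encrypted = [i.filename for i in infos if i.flag_bits & 0x1]  # bit 0 = encrypted
    risky = [i.filename for i in infos if i.filename.lower().endswith(RISKY_EXT)]
    return encrypted, risky

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    password_in_body = "password" in text.lower()
    findings = []
    for part in msg.iter_attachments():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        try:
            encrypted, risky = inspect_zip(part.get_payload(decode=True) or b"")
        except zipfile.BadZipFile:
            findings.append("unparseable-zip")
            continue
        if encrypted:
            findings.append("encrypted-zip")
        if encrypted and password_in_body:
            findings.append("password-in-body")  # password shipped next to the archive
        findings += ["executable-entry:" + n for n in risky]
    return findings

def constructed_sample():
    """Constructed message: harmless bytes named contract_1.exe, flag bit set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("contract_1.exe"), b"placeholder, not a program")
    data = bytearray(buf.getvalue())
    data[6] |= 1                              # encryption bit, local file header
    data[data.index(b"PK\x01\x02") + 8] |= 1  # encryption bit, central directory
    msg = EmailMessage()
    msg.set_content("Please review the contract. The password for the archive is 1234.")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="Contract of Settlements.zip")
    return msg.as_bytes()
```

A filter would quarantine or hold for review any message where all three findings appear together, since the content itself cannot be scanned.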
A Trojan typically contains harmful or malicious script embedded in seemingly innocuous data. It gives the malware's controller unauthorized access to the infected computer and the opportunity to do damage, such as spoiling the arrangement of data files on the system's hard drive.

Finally, the researchers said that the current attack, which tries to infect innocent Internet users' computers, resembled the attacks of late 2008, several of which used popular companies' names to further increase users' temptation to open the given attachments. It is therefore advisable that users avoid viewing e-mails that appear suspicious.

SPAMfighter News - 11/4/2009