Spam Mails with Bogus YesAsia Invoices Disseminating Trojan

Cyber-criminals appear as targeting YesAsia.com for exploiting the popularity of YesAsia so they may dispatch spam mails pretending to be invoices, published NakedSecurity on October 11, 2011.

Notably, similar to Amazon.com, the YesAsia.com website too is an online-retailer platform that's widely visited across Asian countries, where people buy electronics, music and movies.

In the current spam campaign, an e-mail to the recipient tells him that the cost of some product he bought on YesAsia.com has been debited to his credit card.

Consequently, an unwitting consumer may hasten for following a given web-link for determining the way this could happen. Typically, rather than get explanations, he gets a condensed .zip file, which caries malware for compromising his computer.

The condensed .zip file has only one purpose i.e. to for deceiving computer-users into planting malicious software. This malicious software is Troj/VB-FPL a Trojan virus that Sophos has identified.

Moreover, for making the entire scam appear authentic, the cyber-criminals have created one website named yesasia-invoices.com.

To work, this domain replicates itself and pastes the duplicate onto an executable file named newegg.exe, within Application Data a directory on the user's PC. Thereafter it establishes several registry keys for ensuring it won't get ridden off too easily. Following this it installs a few processes whilst issuing DNS (domain name system) queries to symantechantivirus.zapto.org and 1symantechantivirus.zapto.org.

One more aspect of the scam which makes it appear increasingly genuine relates to the e-mails that are made to appear as originating from one service running automatically. This and the shrewdly created website together are likely to easily dupe anybody.

Graham Cluley, Senior Technology Consultant at Sophos warned that the YesAsia-invoices.com wasn't an actual YesAsia website; rather someone registered it solely to fool computer operators so they may load the Troj/VB-FPL.

In the above case, the scam e-mail asserted that the victimized individual bought a webcam and one computer hard drive that together cost nearly $500, something that could frighten anybody.

Thus, according to Cluley, end-users must overlook such incoming dubious electronic mails declaring of sudden credit card debiting as also must maintain their security software up-to-date for blocking sudden virus attacks.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 10/20/2011