Spam Mails with Bogus YesAsia Invoices Disseminating Trojan

Cyber-criminals appear as targeting YesAsia.com for exploiting the popularity of YesAsia so they may dispatch spam mails pretending to be invoices, published NakedSecurity on October 11, 2011.

Notably, similar to Amazon.com, the YesAsia.com website too is an online-retailer platform that's widely visited across Asian countries, where people buy electronics, music and movies.

In the current spam campaign, an e-mail to the recipient tells him that the cost of some product he bought on YesAsia.com has been debited to his credit card.

Consequently, an unwitting consumer may hasten for following a given web-link for determining the way this could happen. Typically, rather than get explanations, he gets a condensed .zip file, which caries malware for compromising his computer.

The condensed .zip file has only one purpose i.e. to for deceiving computer-users into planting malicious software. This malicious software is Troj/VB-FPL a Trojan virus that Sophos has identified.

Moreover, for making the entire scam appear authentic, the cyber-criminals have created one website named yesasia-invoices.com.

To work, this domain replicates itself and pastes the duplicate onto an executable file named newegg.exe, within Application Data a directory on the user's PC. Thereafter it establishes several registry keys for ensuring it won't get ridden off too easily. Following this it installs a few processes whilst issuing DNS (domain name system) queries to symantechantivirus.zapto.org and 1symantechantivirus.zapto.org.

One more aspect of the scam which makes it appear increasingly genuine relates to the e-mails that are made to appear as originating from one service running automatically. This and the shrewdly created website together are likely to easily dupe anybody.

Graham Cluley, Senior Technology Consultant at Sophos warned that the YesAsia-invoices.com wasn't an actual YesAsia website; rather someone registered it solely to fool computer operators so they may load the Troj/VB-FPL.

In the above case, the scam e-mail asserted that the victimized individual bought a webcam and one computer hard drive that together cost nearly $500, something that could frighten anybody.

Thus, according to Cluley, end-users must overlook such incoming dubious electronic mails declaring of sudden credit card debiting as also must maintain their security software up-to-date for blocking sudden virus attacks.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 20-10-2011

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial