E-mail Scam Attacks Organizations and Employees with Malware; MX Lab
MX Lab, a security company, warns that cyber-criminals are distributing malware through an e-mail campaign which apparently targets organizations and their employees.
The malware-laden e-mails bear the subject line "Important update. Please read" and tell recipients about a supposedly planned e-mail service outage.
The e-mails state that a planned outage of the Mail Services was carried out at 11:30:14 +0300 on December 2, 2013, that the MailServer currently has a few problems but is expected to be working again soon, and that recipients who wish to keep their earlier messages should download and keep the backup provided in the attachment.
To appear genuine, the e-mails add that these are mandatory notifications giving details of important changes to products the recipients use.
The attachment is a large zipped file named saved_mailbox_yoct_F479657BA8.zip that actually delivers a Trojan detected as W32/Trojan.RSKY-7175, Trojan/Win32.Zbot, Mal/Generic-S, Trojan.Ransom.RV or Win32/PSW.Fareit.A. The Trojan downloads further files from the Internet, steals data from the host's Web browser and extracts credentials stored in File Transfer Protocol (FTP) clients.
Unfortunately, only 7 of VirusTotal's 47 anti-virus engines detected this Trojan.
The malware's activity includes starting a new service, modifying Windows registry entries and downloading an executable named 1.exe, detected as Trojan.Ransom.RV or W32/Trojan.RSKY-7175.
A second executable, 2.exe, failed to download because the server returned a '404' error.
Here too, only two of VirusTotal's 48 anti-virus engines detected the malware.
Recipients may assume the messages come from their IT department and hurry to open the zipped archive, only to install the Trojan.
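The lure described above has three observable traits at the mail gateway: a fixed subject line, a fixed attachment name, and a "mailbox backup" zip that really contains an executable. The following triage rule, an added example that is not MX Lab's or SPAMfighter's code, builds a constructed message shaped like the one in the article (the subject and attachment name are taken from the page; the sender, body and zip contents are invented here) and reports which indicators it finds. The indicator list and the set of executable suffixes are assumptions a defender would tune to their own environment.

```python
"""Triage rule for the "Important update. Please read" lure.

Added example, not code from MX Lab or SPAMfighter. The subject line and
attachment name come from the article; everything else in the sample
message is constructed for this demonstration.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Indicators quoted in the article.
LURE_SUBJECT = "important update. please read"
LURE_ATTACHMENT = "saved_mailbox_yoct_F479657BA8.zip"
# File types that have no business inside a "mailbox backup" (assumption).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def build_constructed_sample() -> bytes:
    """Constructed sample e-mail, shaped like the one MX Lab describes."""
    payload = io.BytesIO()
    with zipfile.ZipFile(payload, "w", zipfile.ZIP_DEFLATED) as zf:
        # Placeholder content standing in for the real executable.
        zf.writestr("saved_mailbox.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage()
    msg["From"] = "it-support@example.invalid"  # constructed sender
    msg["To"] = "employee@example.invalid"  # constructed recipient
    msg["Subject"] = "Important update. Please read"
    msg.set_content(
        "A planned outage was carried out for the Mail Services at "
        "11:30:14 +0300 on December 2, 2013. To keep your earlier messages, "
        "download and keep the backup in the attachment."
    )
    msg.add_attachment(
        payload.getvalue(),
        maintype="application",
        subtype="zip",
        filename=LURE_ATTACHMENT,
    )
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Return the lure indicators found in one raw RFC 5322 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject == LURE_SUBJECT:
        hits.append("known lure subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name == LURE_ATTACHMENT.lower():
            hits.append("known lure attachment name")
        if name.endswith(".zip"):
            data = part.get_payload(decode=True)
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    names = zf.namelist()
            except zipfile.BadZipFile:
                hits.append("attachment claims zip but does not parse")
                continue
            # A "mailbox backup" that contains an executable is the real tell.
            execs = [n for n in names if n.lower().endswith(EXECUTABLE_SUFFIXES)]
            if execs:
                hits.append("executable inside zip attachment: " + ", ".join(execs))
    return {"suspicious": bool(hits), "indicators": hits}


if __name__ == "__main__":
    print(triage(build_constructed_sample()))
```

The subject and filename matches catch this specific campaign; the zip inspection is the part worth keeping, since the next wave will change the name but still need an executable inside the archive to run.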
To stay safe from infection, Internet users are urged to run AV scans. The anti-virus solution should be kept updated and active, and a full scan run once or twice a month. No two AV solutions should run at the same time, since they interfere with each other.
» SPAMfighter News - 12-12-2013