Spam Mail With 'Vaio' Order Distributes Malware
The e-mail displays a fake order and begins with a thank-you note for ordering from the sender's Internet shop. It says that if payment is made by credit card, the charge will appear under the shop's name. While the e-mail confirms receipt of the order, it asks the recipient not to reply because it is generated by an automated confirmation system.
The e-mail then gives some fake transaction details and carries what it presents as a PDF (Portable Document Format) attachment. It says that PDF files are created with 'Adobe Acrobat Software' and can be viewed using 'Adobe Acrobat Reader', available as a free download from Adobe's Website.
The supposed PDF attachment is actually an executable named '37679041.exe', which anti-virus vendors detect under different names. Kaspersky calls it 'Backdoor.Win32.Haxdoor.If', Symantec names it 'Backdoor.Haxdoor.R', and others call it a Goldun variant. Suzi Turner says on 'ZDNet Blogs' that whatever name one gives it, it is a real nasty malware.
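The mismatch described above (a message body that promises a PDF while the attachment is an executable) can be checked at a mail gateway or during triage. The following is an added example, not taken from the article or from any vendor: the sample message is constructed, the extension list is an assumed blocklist, and only the filename '37679041.exe' comes from the article.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}  # assumed blocklist for this example

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed sample message: the body promises a PDF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Order confirmation"  # constructed
    msg.set_content("Thank you for your order. Details are in the attached PDF file.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

def audit_attachments(raw: bytes) -> list[dict]:
    """Flag attachments that are executables or contradict a PDF claim in the body."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    claims_pdf = bool(re.search(r"\bpdf\b", text, re.I))
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Use the final extension only, so "order.pdf.exe" is treated as ".exe".
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        reasons = []
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension")
        if data[:2] == b"MZ":  # DOS/PE header magic, independent of the filename
            reasons.append("MZ header")
        if claims_pdf and data[:5] != b"%PDF-":
            reasons.append("body promises PDF, content is not PDF")
        if reasons:
            findings.append({"filename": name, "reasons": reasons})
    return findings

if __name__ == "__main__":
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stub, not real malware
    for finding in audit_attachments(build_sample("37679041.exe", fake_exe)):
        print(finding)
```

Checking the leading bytes as well as the extension also catches an executable that has simply been renamed to end in '.pdf'.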
Security vendor Sunbelt rates the threat as 'severe'. It reports that Haxdoor is typically installed through exploits. It uses 'rootkit' technology to evade detection and conceal itself from the user. Some variants of Haxdoor may steal passwords for banking sites and transmit the data to a remote hacker. Haxdoor variants could also show advertising through pop-ups and cause system instability and crashes. Haxdoor may lower security levels by disabling firewall and anti-virus programs.
» SPAMfighter News - 17-10-2006