Spam Mail With 'Vaio' Order Distributes Malware

The e-mail that displays a fake order has content, which begins with a thank you note for ordering from their Internet shop. If the payment is made from a credit card, the charge would be from their shop's name. While the e-mail confirms the receipt of the order, it requests not to reply as it is generated from an automated confirmation system.

The e-mail then gives some fake transaction details and carries a PDF (Portable Document File) attachment. It tells that PDF files are constructed via 'Adobe Acrobat Software', which is possible to view using 'Adobe Acrobat Reader' available free of cost for download from Adobe's Website.
The spam mail further reads that it will ship the order from the nearest warehouse to customer that stocks the items of demand (NY, TN, UT and CA). Although all items are ship same day, but it requests for 24 hours of processing time. The mail says that another e-mail with tracking information will arrive soon. It then thanks for the particular transaction and hopes that the customer to enjoy his order.

The false PDF attachment is named by the executable '37679041.exe', which anti-virus vendors detect by different names. Kapersky called it 'Backdoor.Win32.Haxdoor.If.' Symantec named it as 'Backdoor.Haxdoor.R' and others call it a Goldun variant. Says Suzi Turner on 'ZDNet Blogs' that whatever name one gives to it; it is a real nasty malware.

Security vendor Sunbelt rates the threat as 'severe'. He reports that the installation of Haxdoor is typically through exploits. It uses 'rootkit' technology to bypass detection and conceals from the user. Some variants of Haxdoor may steal passwords from banking sites in order to transmit the data to a remote hacker. Haxdoor variants could also show advertising through pop-ups and cause instability and crashing of a system. Haxdoor may lower security levels by disabling firewall and anti-virus programs.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 10/17/2006