About a week ago, spammed Trojan TROJ_AGENT.JAW arrived at Inboxes decked as a billing notice from GEZ, Germany’s collector for TV/radio broadcast fees. A new variant of this Trojan is again in the wild, using pretty much the same email details as its predecessor.
This Trojan, TROJ_YABE.AT, downloads an encrypted text file, which, in turn contains the URL where it can download a spyware that Trend Micro detects as TSPY_BZUB.ED.
It clearly targets users who understand the context of GEZ. This makes its social engineering ploy especially effective in getting recipients to believe the legitimacy of the abovementioned spam. Thus, users are highly advised to closely examine the contents of the email messages they receive before opening attachments to prevent unwanted GEZ on their computers.
