We’ve received some reports of a trojan downloader being spammed. The thing is, it uses another social engineering trick. This time, it appears as though the recipient has emailed and…. wait… Here’s a sample of the message body:
==========================================================From: [spoofed]@[spoofedadress.com]==========================================================
To: [target]@[target.com]
Hello, [target].
Thursday, February 1, 2006, 6:59:21 PM, you wrote:
> Hello,.
> hi!
> How are you?
> Why didn’t you call me? I really miss you, my darling!!! I want to
> see
> you as soon as possible.
> Could you send me your photo which you promised me!! Call me,
> waiting
Hi, dear!!
I’m fine, thanks, alive!
It’s a pity, but I’ve lost your phone number. That is my number
[some-random 7-digit number]
please, call me, I’m waiting. We’ll meet soon.
That ‘s my photo
—
Best regards,
[spoofed] [spoofed]@[spoofedadress.com]
There. See what I mean? heheheeh. The attachment arrives as ‘foto[4-digit-number].zip’, and is (as said in the title) a Trojan Downloader (which we detect as PAK_Generic.001)
Update(JJ, 02 February 2006 23:51:26)
Detected as TROJ_SMALL.AYZ.
