A new piece of malware is making the rounds on the net. It is a trojan dropper being spammed through email, with the following email details. Note: the details are in Italian.
Subject: prendete una pausa…
Attachment: tiro_a_segno.zip
Body:
Vi mando un gioco fla sh!
poi mandatemi il vostro punteggio max…
così vi dico quanto ho fatto io… mi sto allenando :)
bye
Ufficio vendite
Here is a Babelfish translation:
Subject: you take one pause…
Attachment: tiro_a_segno.zip
Body:
I send you a game fla sh!
then you send your score to me max…
therefore I say how much I have made I to you… I am training myself:)
bye
Office sales
The attached file is a Nullsoft SFX that contains a copy of a dart game, to fool users into believing that they are actually getting a game. Behind the scenes, however, it also drops a DLL file onto the user's system and registers it as a Browser Helper Object.
Both the dropper and the dropped DLL file have already been processed for detection and will be detected as TROJ_BOMKA.L.
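One way to review what is registered as a Browser Helper Object on a Windows host, given the behaviour described above. This is an added example, not code from the original post; it assumes the standard Internet Explorer BHO registry keys, and the helper name `Get-RegisteredBho` is hypothetical.

```powershell
# Added example: enumerate Browser Helper Objects (BHOs) and the DLL behind each.
# Uses the standard Internet Explorer BHO registry keys. The post gives no DLL
# name or CLSID for TROJ_BOMKA.L, so nothing sample-specific is hard-coded.
$BhoSubKey = 'Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$Views = @(
    @{ View = 'native'; Bho = "HKLM:\SOFTWARE\$BhoSubKey"
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ View = '32-bit (WOW64)'; Bho = "HKLM:\SOFTWARE\WOW6432Node\$BhoSubKey"
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

function Get-RegisteredBho {   # hypothetical helper name
    foreach ($v in $Views) {
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid  = $key.PSChildName
            $inproc = "$($v.Clsid)\$clsid\InprocServer32"
            $dll = $null; $sig = $null; $written = $null
            if (Test-Path -LiteralPath $inproc) {
                # Default value of InprocServer32 = DLL the browser loads for this CLSID.
                $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
                $dll = [Environment]::ExpandEnvironmentVariables($dll).Trim('"')
            }
            if ($dll -and (Test-Path -LiteralPath $dll -PathType Leaf)) {
                $written = (Get-Item -LiteralPath $dll -Force).LastWriteTime
                $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            }
            [pscustomobject]@{
                View = $v.View; Clsid = $clsid; Dll = $dll
                LastWrite = $written; Signature = $sig
                # True when the CLSID has no server DLL or the DLL is not on disk.
                Orphaned = -not $written
            }
        }
    }
}

# Newest DLLs first: a freshly dropped, unsigned BHO DLL stands out at the top.
Get-RegisteredBho | Sort-Object LastWrite -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so every key and DLL is readable; entries with a recent `LastWrite` and a `Signature` other than `Valid` are the ones to check against a known-good baseline.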