Another trojan seeding activity has been seen on the Internet. It arrives as a RAR-compressed attachment to a phishing email. The attachment is named ID 5277599.rar and contains an executable file named ID 5277599.exe. The executable file is a trojan that downloads another malicious file from the Internet.
The malicious email has the following details:
Subject: Important: WorldPa y CARD transaction confirmation: 527 7599
Sender: shopper@uk.worldpay.com
Message body:
Hello,
My name is Martin and I am from the Support of WorldPay
We have received the payment order you can see below and I need to make a verification of the details you have filled in. We have just tried to contact you at the telephone number you have supplied in the payment (order 5277599,total 144.80 GBP) but this telephone appears to be invalid.
It would be great if you supply us a telephone where we can reach you directly. Your domain name and the hosting plan will be approved immediately after your confirmation.
You can check your account details and your card transaction details in attachment.
Case ID Number: 5277599
Your assistance will be appreciated. Looking forward to hearing from you soon.
Best Regards,
Martin Blakelock
shopper@uk.worldpay.com
The malicious file has been submitted to the service team for detailed analysis.
Update (Jessie, 04 February 2006 21:38:44)
The malicious attachment has been given the detection name TROJ_CLAGGER.B.