A new malware is being spammed across email inboxes once again. This Trojan poses as a picture file attachment with the filename KodacDC008.JPG……EXE. It uses a double extension and trailing characters to trick unsuspecting users into clicking the file. In some spammed emails the filename may vary (eg. KodacDC004.JPG.EXE, KodacDC007.JPG.EXE). When executed it downloads a file which is saved as KERNEL32.EXE in the affected machine. The file which is saved as KERNEL32.EXE is actually a spyware that Trend detects as TSPY_GOLDUN.FM
Trend detects this threat as TROJ_GOBRENA.V. Its detection pattern has been available since CPR 3.702.01.