Corporate mail spam drops Haxdoor

Business-related message carries trojan.

A vaguely official-sounding email is being widely spammed, claiming to relate to some nebulous business activity between the sender and recipient, but actually forming another vector for spreading malware. The text reads like a variant of the classic 419 scam, but veers off into a lure to open the infected attachment.

The body of the email reads as follows:

    Hello! Maybe you can explain me what's going on? My name is [sender], since recent times I've been working online for a company, which has a site www.[suspect website].biz. I performed financial transactions consisted in receiving and transferring money into different payment systems. When I read notifications from company about new tasks, in the letter's recipients list were more than one e-mail, including yours: [recipient's address]

    Maybe you are also member of the company? The last received order was to receive large amount of money (40000 USD) transferred on my Bank of America account. However, the task wasn't completely fulfilled. Those properties given by the company, turned out to be closed for some reason. I wanted to write in Support service, but to my great surprise, the site of this organization is not available now, and e-mail sends back letters.

    I think you are somehow related to the company and will be able to help me. I responsibly performed my duties and am willing to work again. In the attachment I wrote the details of received payment, fed ware, and properties, given for sending. I'm looking forward to hearing from you soon.

Attached to the mail, generally in a file called 'au.exe', is a variant of the 'Haxdoor' backdoor trojan, already detected either explicitly or generically by most AV products.

31 August 2006

Tags: spam  
