MX Lab intercepted some emails with the subject “Ad third try” with attached a ZIP file named Guys & Dolls_displayad.zip.
The message comes from a spoofed email address and has the following body:
Sent on the Sprint® Now Network from my BlackBerry®
–
Hello,
I just opened a copy of the email attachment that I sent to you and
copied myself. I also sent a new email to another of my screen names
and it was there!
Here is another attached file.
The attached ZIP file contains the 168 kB large executable Guys & Dolls_displayad.exe.
The trojan is known as Win32:MalOb-CE (Avast), Trojan.Kazy.A (BitDefender), Troj/FakeAV-BSZ (Sophos), W32/Katusha.D.gen!Eldorado (F-Prot).
Virus Total permlink and MD5: 58a50da2f57aa1a842b82f4402988afa.
View full post on mxlab – all about anti virus and anti spam
Related Posts
- Email with new password from Facebook Support contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the message that your facebook account has been blocked because of spam that was sent from your accou... - Email regarding Western Union transaction contains the Oficla trojan
MX Lab intercepted a new trojan variant in emails with the subject “The transfer is available to withdrawl. Western Union.” regarding a money transaction. The email is sent from the spoofe... - Email “Statement of fees 2009/2010″ contains trojan
MX Lab intercepts a new trojan variant in emails with the subject “Statement of fees 2009/2010″. The trojan is known as Trojan.Sasfis (Symantec), Suspicious:W32/Malware!Gemini (F-Secure) o... - Email with subject “Outlook Setup Notification” contains trojan
MX Lab intercepted a few emails with the subject “Outlook Setup Notification”. The message contains instructions to re-configure Microsoft Outlook and to open the attached zip file.
The me... - “Thank you for buying iTunes Gift Certificate!” email contains trojan
MX Lab started to intercept emails with the subject “Thank you for buying iTunes Gift Certificate!” with the trojan Gen:Variant.Bredo.4 (Bitdefender, F-Secure), Win32/Oficla.GQ (NDO32), Tr... - Email with subject “Re: Job Interview” leads to site that hosts the Koobface trojan in resume.exe file
MX Lab started to intercept messages with the subject “Re: Job Interview” from various different spoofed email addresses.
The body of the email:
Dear Employee,
Could I get an update on you... - “Facebook Support. Your password has been changed!” contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Facebook Support. Your password has been changed! ID09687″. Note that the nu... - “United Parcel Service notification 48161” from UPS contains trojan
MX Lab, http://www.mxlab.eu, started to intercept a new trojan variant distribution campaign by email with the subject “United Parcel Service notification 48161”, where the number in the subject may v... - Email with offer for ‘Base de datos Mexico 2011′ contains PHP exploit
MX Lab, http://www.mxlab.eu, started to intercept an interesting exploit based on PHP. The email comes in with the subject “Mexico 2011″ and is send from the spoofed address “noreply... - Email messages with subject “LinkedIn Alert” lead to malware. Belgian political party Vlaams Belang is hosting a malicious file.
MX Lab, http://www.mxlab.eu, is intercepting an certain amount of emails with the subject “LinkedIn Alert” that leads to a website with malicious software and redirects surfers to a online...
Posted on 15 September 2010. Tags: contains, Dolls, Email, File, Guys, Trojan
