MX Lab started to intercept emails with the subject “Please look my CV. Thank you.” that carry a trojan detected as Gen:Variant.Bredo.4 (Bitdefender, F-Secure), TrojanDropper:Win32/Oficla.G (Microsoft), Trojan.Sasfis (Symantec) or Mal/FakeAV-BW (Sophos).
The emails are sent from a spoofed email address.
The body of the email:
Hello!
I have figured out that you have an available job.
I am quiet intrested in it. So I send you my resume,
Looking forward to your reply.
Thank you.
The email has a ZIP archive attached, My_Resume_221.zip, which contains the 64 kB executable My_Resume_221.exe.
The following files are created:
%Temp%\1.tmp
%System%\pgsb.lto
The registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Classes\idid” is created.
The registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon” is modified.
The trojan can retrieve data from:
* hxxp://davidopolko.ru/
At the time of writing, 16 of the 41 AV engines detected the trojan. VirusTotal permalink and MD5: c571e7e7f09bb845a2f38a4b8ffb02c9
MX Lab customers are protected against this email-based threat.
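
A gateway-side check for the delivery pattern described above (a ZIP attachment whose members are executables), as an added example that is not MX Lab's code. The extension list, the size cap, the function names and the constructed sample message are assumptions; the MD5 is the one quoted in the post.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 quoted in the post; it does not say whether it covers the ZIP or the EXE,
# so both the attachment and its members are compared (assumption).
KNOWN_MD5 = {"c571e7e7f09bb845a2f38a4b8ffb02c9"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed block list
MAX_MEMBER = 16 * 1024 * 1024  # assumed cap so oversized members are never unpacked


def scan_message(raw: bytes) -> list[str]:
    """Return findings for attachments that hold executables in a ZIP or match a known MD5."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if hashlib.md5(data).hexdigest() in KNOWN_MD5:
            findings.append(f"known-md5:{name}")
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.filename.lower().endswith(EXEC_EXT):
                        findings.append(f"exe-in-zip:{name}:{info.filename}")
                    # Encrypted or oversized members are listed but not read.
                    readable = not info.flag_bits & 0x1 and info.file_size <= MAX_MEMBER
                    if readable and hashlib.md5(zf.read(info)).hexdigest() in KNOWN_MD5:
                        findings.append(f"known-md5:{info.filename}")
        except zipfile.BadZipFile:
            findings.append(f"malformed-zip:{name}")
    return findings


def build_sample(member: str) -> bytes:
    """Constructed test message: harmless bytes stand in for the real attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "Please look my CV. Thank you."
    msg.set_content("Hello!")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="My_Resume_221.zip")
    return msg.as_bytes()
```

The member-name check fires regardless of the hash, so repacked variants with a new MD5 are still flagged.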

Posted on 14 May 2010.