Whereas existing TROJ_ARTIEF variants download another Trojan as part of their malicious routines, TSPY_LOGSNIF.AJ raises the bar with a new twist: its innate ability to monitor Internet and computing activities to steal user names and passwords. This routine is much more dangerous in the Web world, as the risk of exposing one’s information to unknown malicious users runs high.
Following in the footsteps of the TROJ_ARTIEF variants that were notorious in May, TSPY_LOGSNIF.AJ tricks users into opening an attachment by scaring recipients with a fake Federal Trade Commission (FTC) email message. The text of the email message is shown below:
Dear XXXX
This email was sent to inform you that your complaint case #880054135 filled with the FTC was successfully registered and posted in our Business Sentinel, a business complaint database maintained by the U. S. Federal Trade Commission. The complaint that you have filled on behalf of American Electrical Testing is now accessible to certified government law enforcement and regulatory agencies in ICPEN-member countries. Government agencies may use this information to investigate suspect companies and individuals, uncover new scams, and spot other such illegal activities.
Because the Internet marketplace is a borderless one, sharing your complaint with government agencies in different countries will help keep the Internet safe. It will also help prevent others from experiencing the problem you have.
Information submitted through the online complaint form may also be used in aggregate form to analyze and create statistics, that may be released to the public. This aggregate data will not contain any personal information.
Attached you will find a copy of your complaint. Please print a hard copy of the complaint for your records in the upcoming investigation.
Thank you for your cooperation and we will keep you informed on the status of our investigation.
Federal Trade Commission
In addition, TSPY_LOGSNIF.AJ displays a fake Adobe Reader message box to trick users into thinking that the attachment is a non-malicious file.
Trend Micro detects this spyware, as well as TROJ_ARTIEF variants, in the latest pattern release. Users are strongly advised not to open any email messages that are not from trusted sources.



