Today we received two samples related to the TROJ_YABE malware family with different MD5 hash.

		Detection
File Name	: Rechnung-Single.de.doc.exe	TROJ_YABE.BT
File Size	: 18,432 bytes
MD5	: 3dc607942049e82e7108443cc5d87403: c85657e8cda72be356554856f4158562
Downloaded Files	: ws25.exe (116,952 bytes): ws26.exe (116,952 bytes)	TROJ_DLOADER.KEH
Related File	: ipv6monl.dll (84,184 bytes)	TSPY_BZUB.CX
Download URL	: http://www.{blocked}-hovic.sk/_sub/wap/iexplorer.exe: http://www.{blocked}.sk/_sub/suchy/admin/img/iexplorer.exe

As with the recent YABE variants, this new sample also used the monthly bill from German Telekom for its social engineering. Here are some sample emails:

A second wave of spamming was also reported. Following are some details:

		Detection
File Name	: T-Com.pdf.exe	TROJ_YABE.BT
File Size	: 44,032 bytes
Downloaded Files	: win994.exe (100,056 bytes)	TSPY_BZUB.CX
Related File	: ipv6monl.dll (66,776 bytes)	TSPY_BZUB.CX

Thanks to Alice Decker for the valuable information.

This entry was posted on Wednesday, March 21st, 2007 at 1:48 am and is filed under Uncategorized . Responses are closed, but you can trackback from your own site.