Oct5
8:57 pm (UTC-7)   |   by Roderick Ordoñez (Technical Communications)

The spam attached to a “delivery failure notice” last month has reappeared. Now dropping its “delivery failure notice” cover, the second coming of this spam is no less dangerous, and in fact more bundled with bonus malware. See screenshot below:

Although this spam comes with the same subject, same attachment file name, and same spam content as before, executing the attachment’s contents deploys TROJ_ROOTKIT.BA and TSPY_GOLDUN.RF onto the system, as opposed to only TROJ_DLOADR.IB in the first spam sample. Trend Micro detects the attached ZIP files of the first and second spam samples as TROJ_DLOADZIP.A and TROJ_PAKES.AXQ, respectively.

Worth noting is that the latter variant delivers a more damaging payload than the first. It may be safe to speculate that this series of spam runs may get nastier as newer strains appear. But rest assured that Trend Micro will always be looking ahead to provide protection to its users through the Smart Protection Network.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Sunday, October 5th, 2008 at 8:57 pm and is filed under Malware, Spam . You can skip to the end and leave a response. Pinging is currently not allowed.



Leave a Reply


A New YouTube Malware Tool
Rogue AV Tactics Continue to Threaten


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice