TrendLabs recently received samples of a Trojan sent as an attachment to spammed mail bearing the subject Sexy Card from Hot Girl. The Trojan, detected by Trend Micro as TROJ_PUSHDO.AR is disguised as an animated e-card with nude photos of a certain Monica T. supposedly sent via Adult Sex Finder.
When the attachment is opened, this Trojan executes and installs itself on the affected system, registering itself as a service to ensure automatic execution. It then connects to the URL http://66.{BLOCKED}.252.215/s_60_3232297080?m... to download a file detected by Trend Micro as TROJ_PANDEX.AR. Its social engineering tactic is old news but what's interesting is its use of the term Adult Sex Finder as the supposed company that put together the provocative e-card. "Adult Sex Finder" bears such close-sounding recall to AdultFriendFinder- a Web site that claims to be the "world's largest adult sex and swingers site"- that one can't help but wonder if there is some kind of connection there.
AdultFriendFinder has been related to malware attacks in the past. Whether there is or there isn't any connection, TROJ_PUSHDO.AR is out there in the wild finding propagation partners: users that are lured by its lurid bait. Don't be that user. Trend Micro customers are encouraged to update to the latest pattern to be protected from this pesky spam attachment.