TrendLabs Malware Blog - Trend Micro
    Mar 21, 1:48 am (UTC-7) | by

    Today we received two samples related to the TROJ_YABE malware family, each with a different MD5 hash.

    File Name: Rechnung-Single.de.doc.exe (Detection: TROJ_YABE.BT)
    File Size: 18,432 bytes
    MD5: 3dc607942049e82e7108443cc5d87403; c85657e8cda72be356554856f4158562
    Downloaded Files: ws25.exe (116,952 bytes); ws26.exe (116,952 bytes) (Detection: TROJ_DLOADER.KEH)
    Related File: ipv6monl.dll (84,184 bytes) (Detection: TSPY_BZUB.CX)
    Download URL: http://www.{blocked}-hovic.sk/_sub/wap/iexplorer.exe; http://www.{blocked}.sk/_sub/suchy/admin/img/iexplorer.exe

    As with the recent YABE variants, this new sample also used the monthly bill from German Telekom for its social engineering. Here are some sample emails:

    A second wave of spamming was also reported. Following are some details:

    File Name: T-Com.pdf.exe (Detection: TROJ_YABE.BT)
    File Size: 44,032 bytes
    Downloaded Files: win994.exe (100,056 bytes) (Detection: TSPY_BZUB.CX)
    Related File: ipv6monl.dll (66,776 bytes) (Detection: TSPY_BZUB.CX)

    Thanks to Alice Decker for the valuable information.





    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice