Malware writers are again taking advantage of curious readers by sending out email messages that refer to recent news events and carry malicious attachments.
One particular sample detected as TROJ_AZAH.A comes disguised as a folder. A curious user may “open” the disguised file and run it. Among the folder names used are:
- Philippine-HK News
- Rise of Global Terrorism and U.S. Strategy
- Status and Future of Global Torture 2010
- Status and Future of U.S. Textile Industry
- Status and Future of Worldwide Press Freedom 2010
- Strategy of US Global Military—Role of Singapore
- U.S. Strategy—Troops Leave Iraq
Once executed, the malware deletes itself and attempts to create a real folder that may contain a .PDF or .DOC file. However, during testing, the malware was unable to create these files.
As its final payload, it attempts to access a URL to download other malware. In our recent testing, however, its download routine was unsuccessful.
Nevertheless, we shouldn’t let our guard down, as future variants may well use this exact same line of attack. Just in case, Trend Micro already blocks the URLs related to this malware.
Users are advised to avoid opening email attachments, especially if these come from unknown senders.
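A triage check for the folder disguise described above, as an added example that is not part of the original post: it flags an attachment when its content is a Windows PE executable and its base name matches one of the lure names listed. The function names, the three-way verdict policy, the name normalization and the sample attachments (including their file extensions) are assumptions constructed for illustration.

```python
import re
import struct

# Lure names exactly as listed in the post.
LURE_NAMES = [
    "Philippine-HK News",
    "Rise of Global Terrorism and U.S. Strategy",
    "Status and Future of Global Torture 2010",
    "Status and Future of U.S. Textile Industry",
    "Status and Future of Worldwide Press Freedom 2010",
    "Strategy of US Global Military—Role of Singapore",
    "U.S. Strategy—Troops Leave Iraq",
]

def normalize(name):
    """Lowercase and collapse punctuation/dashes so trivial variants still match."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

LURES = {normalize(n) for n in LURE_NAMES}

def is_pe(data):
    """True if data has a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage(filename, data):
    """Classify one attachment as 'block', 'review' or 'allow' (assumed policy)."""
    if not is_pe(data):
        return "allow"          # not an executable; out of scope for this check
    stem = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", filename)  # drop a trailing extension
    if normalize(stem) in LURES:
        return "block"          # executable carrying one of the listed lure names
    return "review"             # executable attachment with an unrelated name

def sample_pe():
    """Constructed minimal header: 'MZ', e_lfanew = 0x40, then the PE signature."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\0\0"

if __name__ == "__main__":
    for name, body in [("Status and Future of Global Torture 2010.exe", sample_pe()),
                       ("setup.exe", sample_pe()),
                       ("Philippine-HK News.pdf", b"%PDF-1.4\n")]:
        print(f"{triage(name, body):6}  {name}")
```

The check keys on file content rather than the icon or extension, so an executable is still caught when it is presented with a folder icon and no visible extension.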