Since 31/01 late afternoon, faked eMails appearing to be from the BKA (Germany’s Federal Criminal Police Office) are being spammed within Germany. The subject of such eMails are “Ermittlungsverfahren Nr. [number]”, where [number] is a random number. The email attachment is an EXE-file (e.g. 2981956.exe), which is detected as TROJ_DLOADER.KHZ. This trojan downloads another malware, which is detected as TSPY_BZUB.GK. If you receive such an email, just delete it. As a general advise for a corporate environment please block all .exe or .com files, if possible. The BKA issued a PR on this issue. If you assume your computer is already infected, you’re welcome to use our free online-scanner HouseCall.
Share this article