Another Trojan downloader is being spammed across email inboxes once again. To be detected in OPR 3.907.00 as TROJ_STRAT.FN, these Trojans arrive in a spammed email as an attachment. In some spammed emails, the attachment’s filename uses double extensions and may contain trailing characters to trick unsuspecting users into clicking the file.
As of this writing, we have received different samples of this malware with the following MD5 hashes:
- 474f816ce65098b6…
- e738bf610c4bd6b4…
- 378d820bd8c2020a…
- 3b7c949142866a1a…
- fa9f9eb766fdbd0c…
- f8de651c11645d8a…
Though they may have different MD5 hashes, these samples exhibit the same behavior. Initial analysis has shown that upon execution, the malware downloads a variant of WORM_STRAT from a particular location.
The appropriate channels have been alerted to provide a solution for this threat. Stay tuned for updates.
