Malware Conceals Itself as Boss’s Letter

Trend Micro threat analysts found spammed messages that pretend to be a letter from the “boss”. The message bears the subject “get back to my office for more details” and instructs users to read the attached ZIP file, which supposedly contains a letter. What the ZIP attachment contains is, of course, not a letter but an .EXE file (info.exe) detected by Trend Micro as TROJ_CUTWAIL.GT.

Upon execution, TROJ_CUTWAIL.GT creates registry entries so that it executes automatically at every system startup. It also drops a Trojan dropper detected as TROJ_DROPR.ST. Cutwail is known as the ‘spam engine’ of the notorious botnet PUSHDO, which sent around 7.7 billion spam messages a day last Q2.

Over the past few days, Trend Micro has reported on various spam messages that used malicious attachments (ZIP or RAR) to hide malware. This suggests that old tactics never die and continue to be an effective way of infecting users. We blogged about it in the following posts:

  • Spoofed Contract Carries Malware
  • Fake Facebook Password Notification Leads to Malware
  • FAKEAV Uses Conficker Worm as Bait

Users are advised to be wary of opening any attached file, even if it appears to come from a person with authority or the ‘boss’. Trend Micro users are protected by the Trend Micro Smart Protection Network, which detects TROJ_CUTWAIL.GT and blocks the spammed email message. Users of non-Trend Micro products can use free tools like HouseCall to stay secure from this attack.

Post from: TrendLabs | Malware Blog - by Trend Micro

Written on Monday, 02 November 2009 00:36 by