Business-related message carries trojan.
A vaguely official-sounding email is being widely spammed, claiming to relate to some nebulous business activity between the sender and recipient, but actually forming another vector for spreading malware. The text reads like a variant of the classic 419 scam, but veers off into a lure to open the infected attachment.
The body of the email reads as follows:
Hello! Maybe you can explain me what’s going on? My name is [sender], since recent times I’ve been working online for a company, which has a site www.[suspect website].biz. I performed financial transactions consisted in receiving and transferring money into different payment systems. When I read notifications from company about new tasks, in the letter’s recipients list were more than one e-mail, including yours: [recipient’s address]
Maybe you are also member of the company? The last received order was to receive large amount of money (40000 USD) transferred on my Bank of America account. However, the task wasn’t completely fulfilled. Those properties given by the company, turned out to be closed for some reason. I wanted to write in Support service, but to my great surprise, the site of this organization is not available now, and e-mail sends back letters.
I think you are somehow related to the company and will be able to help me. I responsibly performed my duties and am willing to work again. In the attachment I wrote the details of received payment, fed ware, and properties, given for sending. I’m looking forward to hearing from you soon.
Attached to the mail, generally in a file called ‘au.exe’, is a variant of the ‘Haxdoor’ backdoor trojan, already detected either explicitly or generically by most AV products.
Posted on 31 August 2006 by Virus Bulletin