SophosLabs blog

Remember the spoof Symantec application spammed out to Portugese users we blogged about yesterday? Well, today I have noticed the same attack continuing, though the attackers have changed the spam message social engineering. It now targets Portugese UOL Cartoes users.

The link the victims are enticed to click on points to the same compromised domain as yesterday, but to a different file this time.

www.[legit-domain].cz/[Uol_email-Imagem].exe

Once again, this is a downloader Trojan, again proactively detected as Mal/DelpDldr-C. Though not identical, it is similar to the downloader we saw yesterday. It downloads an additional file to those we observed with yesterday’s Trojan - ashset.exe. Happily this is proactively detected as Mal/Behav-103.

Posted on November 8th, 2008 by Fraser Howard, SophosLabs UK
Filed under: Malware, Spam

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Spammed banking malware masquerading as Symantec software
• Phish of the day
• Zbot (aka Prg) banking Trojan distribution
• Server upgrade spam redux
• Barack Obama exploited in malware spam attack