SophosLabs blog

Another day another Dorf campaign, this weekend saw another episode in the ongoing ’storm’ of spam emails with links to download Dorf.

This variant of the spam is using the lure of Arcade Games to tempt users to download Mal/Dorf-E.

As you can see we detect the webpage proactively (Troj/JSXor-Gen). We also detect the executable proactively (Mal/Dorf-E). The only change SophosLabs were required to make was to update our Spam Genotype.

Plus ca change, plus c’est la meme chose. Dorf is changing but there is enough unchanged for our proactive detection to work.

Posted on September 17th, 2007 by Pob, SophosLabs, UK
Filed under: Malware, Spam

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• NFL Kickoff weekend and another Dorf malware campaign
• Dorf: Amero, postcards, FBI vs. Facebook
• All Work And No Play Makes Dorf Spammer … Er … Irritating!
• A Rather Dorf Rootkit
• A not so friendly Ecard