Troj/Stinx-N is a backdoor Trojan for the Windows platform.
Troj/Stinx-N includes functionality to download and execute further code, and attempts to disable various security related processes.
At the time of writing, Troj/Stinx-N is being aggressively spammed out in emails with subject lines such as the following:
Campus Student Raped
Do you recognise this person?
Rape on Campus
The Trojan is included as an attachment, typically named "suspicious photo.exe", which the recipient is encouraged to open. The body of the email message is typically as follows:
Hello,
During the early morning of January 25 2006, a campus student was the victim of a horrific sexual assault within college grounds. Eyewitnesses report a tall black man in grey pants running away from the scene. Campus CCTV has caught this man on camera and are looking for ways to identify him. If anyone recognises the attached picture could they inform administraion immediatly
Regards,
Robert Atkins
Campus Administration
All information contained within this e-mail, including any attachment, is
confidential. If you have received this e-mail in error, please delete it
immediately. Do not use, disclose or spread the information in any way and notify the sender immediately. Any views and opinions expressed in this e-mail may not represent those of Business Monthly
The following emails have also been seen distributing Troj/Stinx-N:
Subject line:
Photo Approval Required
Message text:
Hello,
Your photograph has reached editing stage as part of an article we are publishing for our February edition of Traders World Monthly. Can you check over the format and get back to us with your approval or any changes?
If the picture is not to your liking then please send a preferred one. We've attached the photo with the article here.
Kind regards,
Jamie Andrews
Editor
TradersWorld
Subject line:
Payment Receipt
Message text:
Dear customer.
Thank you for your subscription to http://www.<adult-website>.com
You have been billed as Paycom LLC for the amount of: USA 49.99 for 30 days then USA 39.99 recurring every 30 days.
Time: 2006-1-05 20:38
Transaction ID: 965658
Amount: GBP 49.99
Applied to Account0: 10915104
Payment Method: VISA
Your new subscription identification number is:10915104, please keep this number in a safe place as it will be required for reference in all future correspondence regarding your membership.
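A mail-gateway triage check built from the indicators above, as an added example that is not part of the original description. It goes slightly beyond the listed lures: the subject lines vary between campaigns, so the executable attachment is treated as the deciding signal. The extension list, the `triage` and `build_sample` names and the sample addresses are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines this page lists for Troj/Stinx-N (compared case-insensitively).
KNOWN_SUBJECTS = {
    "campus student raped",
    "do you recognise this person?",
    "rape on campus",
    "photo approval required",
    "payment receipt",
}
# Assumption: extensions the gateway treats as directly executable on Windows.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def triage(raw_message: bytes) -> dict:
    """Return the indicators found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    exe_names = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        if name.lower().endswith(EXECUTABLE_EXTS):
            exe_names.append(name)
    return {
        "known_subject": subject in KNOWN_SUBJECTS,
        "executable_attachments": exe_names,
        # Lures change between runs; the executable attachment does not.
        "quarantine": bool(exe_names),
    }


def build_sample(subject: str, filename: str) -> bytes:
    """Build a constructed test message (placeholder payload, not a real binary)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Constructed test body.")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("Rape on Campus", "suspicious photo.exe")))
```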
When first run, Troj/Stinx-N copies itself to <Windows system folder>\csrwjd.exe.
The following registry entries are created to run cstsm.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ProtocolEventTsk = csrwjd.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    ProtocolEventTsk = csrwjd.exe
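A host-triage check for the Run entries above, as an added example that is not part of the original description. It scans text collected with `reg query` from the two Run keys; the column layout of that output (four-space separators), the function names and the sample text are assumptions, and the sample is constructed.

```python
import re

# Indicators taken from the registry entries on this page.
RUN_VALUE_NAME = "protocoleventtsk"
DROPPED_FILE = "csrwjd.exe"

# Assumed `reg query` layout: 4 spaces, value name, 4 spaces, REG_* type, 4 spaces, data.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()


def find_run_entries(text):
    """Return Run-key values matching the page's value name or dropped file name."""
    hits = []
    for key, name, data in parse_reg_query(text):
        if not key.lower().endswith("\\currentversion\\run"):
            continue  # only the autostart keys are of interest here
        # Match either field, so an entry still matches if only one was altered.
        if name.lower() == RUN_VALUE_NAME or DROPPED_FILE in data.lower():
            hits.append((key, name, data))
    return hits


# Constructed sample output, not captured from a real host.
SAMPLE = (
    "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    Example Updater    REG_SZ    C:\\Program Files\\Example\\update.exe\n"
    "    ProtocolEventTsk    REG_SZ    csrwjd.exe\n"
    "\n"
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    ProtocolEventTsk    REG_SZ    csrwjd.exe\n"
    "\n"
    "HKEY_CURRENT_USER\\Software\\Example\\Settings\n"
    "    ProtocolEventTsk    REG_SZ    unrelated\n"
)

if __name__ == "__main__":
    for hit in find_run_entries(SAMPLE):
        print(hit)
```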