The Latest in IT Security

Of Spam and Speeding

19
Aug
2011

Our engineers over at the AV Labs have spotted recently a deluge of spam about a “traffic ticket” that purports to come from a state department in New York. The said

spam has a compressed file attachment that, once extracted, contains a file that bears the icon of a normal Adobe .PDF file. Mimicing file icons, of course, is a

common tactic used by criminals to appease any doubts or worries from recipients of such emails, which are actually malicious in nature.



“The malware appears to be sent from a botnet of unknown origin.” says GFI Spyware Researcher Adam Thomas.

When this supposed .PDF file is “opened,” it connects to sfkdhjnsfjg(dot)ru (a server in Ukraine) to download and execute the file, pusk3.exe. This .EXE file, detected as Trojan.Win32.Generic.pak!cobra, is a dropper/downloader.

As of this writing, it drops/downloads a rogue AV and TDL rootkit variants.

CNN has written an article about this ticket spam

early last month. Seeing that it’s still getting attention, we can surmise

that it still is very much at large.

VIPRE users are already protected from ever accessing and downloading interesting “goodies” from the .RU site. And you can protect yourself from nasty attachments

pretending to be something else by enabling file extension names of all files on your system. It’s a simple thing to do, yet it can save you from computer

security disasters.

Jovi Umawing (Thanks to Adam Thomas for the analysis)

Leave a reply


Categories

THURSDAY, MARCH 28, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments