The Latest in IT Security

Fake “Windows XP Recovery” tool.

08
Jun
2011

We have analyzed below malicious email. As usual it pretends to be from DHL Inc.

As we can see this email has a zip file attachment which contains a malware.
On extraction of this zip file user gets an executable file which has icon like a pdf file.

If this file gets executed it runs a script file from url “http://9X.6X.9.15/f/g.php”
and downloads the fake tool file from the url “http://6X.9X.116.16/pusk3.exe”

After downloaded file is executed on the affected machine and it works as a fake “Windows XP Recovery” tool.
It hides all the items which are presents on the users desktop. It displays frequently a fake “Hard Drive Failure”
error message. The fake tool is as shown below:

Quickheal detects the malware file as “TrojanDownloader.Dapato.dt” so users are already gets protected.
We recommends the users not to open such attachments from the unknown emails.

Leave a reply


Categories

FRIDAY, JULY 23, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments