The Chepvil malware which comes via email as an attachment using another trick to spread, you may receive email stating that it is from IRS.gov. and the subject “IRS Notification Letter”. The email as shown below
The attachment comes with the names IRS document.rar. On extracting user gets an executable file with the pdf file icon.
If user open this execuable it then downloads files pusk.exe/pusk2.exe/pusk3.exe. As we can see from the http traffic:
The file pusk*.exe works as a rogueware application “Windows XP Repair” as shown below:
As usual it displays fake threat messages on the screen and forces the user to register the product
in order to remove these fake threats.
If you come across such E-mails do not open the attachment. Instead delete them and keep your Antivirus updated. Quick Heal detects the malicious attached file as “Trojan.Chepvil.K” and also block the domain. So users are already protected.
We recommend users not to open such attachments from the unknown emails.
Thanks Mahesh
Leave a reply
