The Latest in IT Security

Your package has arrived!

11
Sep
2011

Below email seems to be arrived from United Parcel Service, International Shipping Company but its not. In fact it has a hidden link to a malicious website.

It downloads a binary invoice[random_number].JPG.exe with double extension which looks as if it is an image file.
Quick Heal detects this file as “Trojan.Menti.hygd”

When run, “Trojan.Menti.hygd” drops a copy of itself as a randomly named file:
%APPDATA%\random letter\random letters.exe

It also creates below registry key to run at Windows start.
HKCU\Software\Microsoft\Windows\Currentversion\Run\{GUID of Windows volume} = “%APPDATA%\random letters\random letters.exe”

The malware injects codes into the address space of the windows processes as below.

This trojan steals sensitive data from computer.
We suggest users to stay away from such emails.

Leave a reply


Categories

THURSDAY, SEPTEMBER 19, 2019
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments

Social Networks