The Latest in IT Security

Brazilian spambot spreads like fire


A legitimate Canadian website is hosting a Trojan:

The zip archive contains a file with a .cpl extension.

Control Panel Files are normally used by the Windows Control Panel where each icon corresponds to a file, such as Access.cpl, Appwiz.cpl etc.

Anyway, what a lot of people don’t know is that such files can be run by double clicking them, just like any other “.exe”.

This is what happens when you execute it:

Which triggers an escalation of malicious code:

More malware is downloaded from: (IP:

File system modifications include the creation of a “programfiles” folder (not to be confused with the legit Program Files one):

One of the immediate payload of this Trojan is spam, at a rate of several hundred emails per minute:

This particular spambot is targeting Brazilian users, as you may see during the infection process:

The bad guys left out a ‘counter’ page in the clear which you would have caught if you were running Fiddler:

It shows you other infected computers, with the vast majority located in Brazil:

I have contacted the Canadian website mentioned above so they remove this piece of malware to prevent further infections.

Jerome Segura

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments