Recently, junk emails impersonating the United States Postal Service have been circulating, informing recipients that a postal package is faulty. The email asks users to fill in an attached file whose icon looks like that of an ordinary Excel file. In fact, this is a malicious file that takes advantage of users' carelessness to execute a virus and inject malicious code into the user's computer.

Figure 1: Email’s content

To bypass users' spam filters, this spam email carries its content as an image file instead of text as usual.

At the time of writing, not many antivirus products are able to detect the virus spread by this email: http://www.virustotal.com/file-scan/report.html?id=a784d80e1d0cda2cfe9f9fc5325d42825c3171e96954c7d54760fca50d492f65-1285638618

Upon execution, this virus (detected as W32.FakeUSPS.Worm by Bkav):

  • Drops a DLL file: %System32%\bfky.ojo.
  • Modifies the value of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell] by inserting "bfky.ojo" into it, so that the virus is executed at computer startup.
  • Receives commands from a control server: micro-viagra.ru
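
As an added example (not code from the original post or from Bkav), the following Python sketch audits saved `reg query` output for the Winlogon Shell change described above. It assumes the value normally holds only explorer.exe; the function names and the sample outputs are constructed for illustration.

```python
import re

# Stock value of Winlogon\Shell on a clean Windows install (assumption).
DEFAULT_SHELL = "explorer.exe"
# File name the post says the malware inserts into the value.
PAGE_INDICATOR = "bfky.ojo"

# Value line as printed by `reg query <key> /v Shell`.
VALUE_LINE = re.compile(r"^\s+Shell\s+REG_(?:EXPAND_)?SZ\s+(.*)$", re.IGNORECASE)


def shell_value(reg_output):
    """Return the raw Shell data from reg query output, or None if missing."""
    for line in reg_output.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            return match.group(1).strip()
    return None


def audit_shell(reg_output):
    """Return (unexpected_entries, indicator_seen) for one host's output."""
    value = shell_value(reg_output)
    if value is None:
        return [], False
    # The value may list several comma-separated programs.
    entries = [e.strip().strip('"') for e in value.split(",")]
    unexpected = [e for e in entries if e and e.lower() != DEFAULT_SHELL]
    return unexpected, PAGE_INDICATOR in value.lower()


# Constructed samples; the exact string the malware writes is not in the post.
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
CLEAN = f"\n{KEY}\n    Shell    REG_SZ    explorer.exe\n"
TAMPERED = f"\n{KEY}\n    Shell    REG_SZ    Explorer.exe, bfky.ojo\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, audit_shell(sample))
```

Any entry other than explorer.exe is reported for review, whether or not it matches the file name from this post.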

Users are advised to be more cautious when opening files attached to emails of unknown origin or emails with unauthenticated content.

Nguyen Van Sao

Malware Researcher
