| |
 | | http://www.securitymanager.net/magazine/news_h12385_new_email_virus_poses_as_london_terrorist.html |
MessageLabs, the leading provider of email security and management services to businesses, has intercepted several copies of an email posing as a video news clip of yesterday’s terrorist attack in London which instead contains a Trojan designed to compromise the recipient’s computer. The email containing this Trojan has been crafted to appear as a CNN Newsletter which asks you to ‘See attachments for unique amateur video shots’.
When executed the attachment copies itself to %Windir%\winlog.exe and modifies the Windows registry key ‘HKLM/Software/microsoft/Windows/CurrentVersion/Run’ so that it runs automatically on system start-up. The Trojan then attempts to obtain a list of the SMTP servers that the victims machine is configured to use and starts to use these servers to send large volumes of unsolicited mail.
Email characteristics:
Sender address: breakingnews@cnnonline.com
Email subject: TERROR HITS LONDON
Filename: 'London Terror Moovie.avi <124 spaces> Checked By Norton Antivirus.exe'
08.07.2005, MessageLabs
| |
| |
| |
© 1999-2009 | |
| |
