We are getting reports that some of our readers are receiving spam that includes the Trojan SPYEYE and a bot attack. The payload will attempt to connect to malicious sites to download updated Trojan and backdoor files.
The spam includes zip files that may include subjects for DHL and UPS deliveries.
Also, our friends at McAfee are detecting the malware as Generic.bfr!a!BC834E044192.
Good Luck!
<Payload>
- DHL-01122011-TRACKING.exe
- UNITED_PARCEL_SERVICE-TRK-CP01132011.zip
The following files have been added to the system:
- %TEMP%\512011.dmp
- %APPDATA%\Xibox\ikgyq.uho
- %APPDATA%\Xibox\ikgyq.tmp
- %TEMP%\510034.dmp
- %TEMP%\tmpebbcaf51.bat
- %APPDATA%\Afufd\xaymk.exe
The applications attempted the following malware connection(s):
- 91.200.188.191
- blogspotstone.com
- hxxp://www.blogspotstone.com/*****
- fingertoblog.com