Monthly Archive for September, 2008


Emold: contract_I1.zip

Since this morning the Emold trojan (aka AutoRun) has once again been spreading with a new spam wave:

Subject: Contract of order fulfillment
Dear customers,
We have prepared a contract and added the paragraphs that you wanted to see in it.
Our lawyers made alterations on the last page. If you agree with all the provisions we are ready to make the payment on Friday for the first consignment.
We are enclosing the file with the prepared contract.

If necessary, we can send it by fax.
Looking forward to your decision.

The subject and the salutation vary:

Subject:

  • Loan Contract
  • Contract of order fulfillment
  • Your new labour contract
  • Permit for retirement
  • Rent contract
  • Record in debit of account
  • Contract of retirement

Salutation:

  • Good morning
  • Dear customers
  • Good day
  • Hello
  • Good afternoon

The attachment contract_I1.zip contains the executable file contract_I1.doc.exe, which carries the trojan:

    Filename: contract_I1.doc.exe
    File size: 32768 bytes
    MD5...: f330f419cfee85c7a2ac2969194b5cf3
    SHA1..: 68053520b595274efa7dcbf9921fe3ebc2937ae2
    Detection rate: 9/36 (25%)

The trojan's behaviour has not changed (see the post of 28.8.08).

Emold: eTicket_I2.zip

Since this morning Emold (AutoRun) has once again been sending itself out under the guise of airlines:

Subject: Your Online Flight Ticket N 38885
Dear customers,
Thank you for using our new service “Buy airplane ticket Online” on our
website.
Your account has been created:

Your login: *youremailaddress*
Your password: pass8OFW

Your credit card has been charged for $683.14.
We would like to remind you that whenever you order tickets on our website
you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket.
To use your ticket, simply print it on a color printed, and you are set to
take off for the journey!

Kind regards,
Spirit Airlines

The ticket number in the subject, the sender and the salutation vary:

Sender:

  • Southwest Airlines
  • Northwest Airlines
  • Delta Air Lines
  • Spirit Airlines
  • American Airlines

Salutation:

  • Greetings
  • Dear customers
  • Good day
  • Good afternoon

The attachment eTicket_I2.zip contains the executable file eTicket_I2.doc.exe, which as usual carries the Emold trojan:

    Filename: eTicket_I2.doc.exe
    File size: 38400 bytes
    MD5...: f4bda06f2e92bc79ef836170c975b0dc
    SHA1..: 360f4fb1f1b07608b6ab9abee71edbebdeafa7c9
    Detection rate: 15/36 (41.67%)

The trojan's behaviour has not changed (see the post of 28.8.08).
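
Both waves deliver a ZIP whose member hides an executable behind a document extension (contract_I1.doc.exe, eTicket_I2.doc.exe). The following is an added example, not code from the original post, of a mail-gateway style check for that naming pattern; the function names and the two extension sets are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension sets for this example; tune them to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".doc", ".pdf", ".xls", ".txt", ".jpg", ".rtf"}


def deceptive_members(zip_bytes):
    """Return archive member names shaped like 'name.doc.exe'."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a readable ZIP; route to a separate policy
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators and look only at the final path component.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Ignore trailing dots/spaces and whitespace padding between
            # the decoy extension and the real one.
            suffixes = [s.strip().lower()
                        for s in PurePosixPath(name.rstrip(" .")).suffixes]
            if (len(suffixes) >= 2
                    and suffixes[-1] in EXECUTABLE_EXTS
                    and suffixes[-2] in DECOY_EXTS):
                hits.append(info.filename)
    return hits


def build_sample_zip(member_names):
    """Constructed test input: a ZIP with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in member_names:
            zf.writestr(name, b"placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["contract_I1.doc.exe", "readme.txt"])
    print(deceptive_members(sample))
```

Because the subject, sender and salutation rotate between messages, the attachment's inner file name is the more stable property to filter on than any of the header fields.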



