New method of infecting computer

Well, it's new to me!

Checking the junk folder this evening I found an e-mail purporting to be
from Southwest Airlines thanking me for opening an account with them and
buying a ticket, and stating a receipt and printable ticket were
attached. I did not of course buy a ticket from SW Air, so I suspected
an ID theft.

My first impulse was to open the attachment, to see whether a ticket had
in fact been charged to my credit card, so that I could contact SW Air
and have them cancel it, etc.

But the attachment was a zip file, which struck me as odd. I saved it to
a temp folder on the desktop, extracted it there, and saw it was an
*.exe file. Spybot (not updated for a week) found nothing, AVG found
SHeur2.EIP. Neither found anything in the zip file.

So we have a threat (Trojan horse) masquerading as another threat (ID
theft). Cunning.

FYI & HTH

--
Wolf Kirchmeir

Re: New method of infecting computer


| Well, it's new to me!

| Checking the junk folder this evening I found an e-mail purporting to be
| from Southwest Airlines thanking me for opening an account with them and
| buying a ticket, and stating a receipt and printable ticket were
| attached. I did not of course buy a ticket from SW Air, so I suspected
| an ID theft.

| My first impulse was to open the attachment, to see whether a ticket had
| in fact been charged to my credit card, so that I could contact SW Air
| and have them cancel it, etc.

| But the attachment was a zip file, which struck me as odd. I saved it to
| a temp folder on the desktop, extracted it there, and saw it was an
| *.exe file. Spybot (not updated for a week) found nothing, AVG found
| SHeur2.EIP. Neither found anything in the zip file.

| So we have a threat (Trojan horse) masquerading as another threat (ID
| theft). Cunning.

| FYI & HTH

| --
| Wolf Kirchmeir

No, just a case of Social Engineering to get you infected with a Zbot.

This is not unlike the rash of UPS emails.

Example:

Subject:   Your Tracking # 895739706633

Sorry, we were not able to deliver postal package you sent on November the 1st
in time
because the recipients address is not correct.

Please print out the invoice copy attached and collect the package at our office.
If you do not receive package in ten days you will have to pay 36$ per day.

Your UPS

------------
Contains UPSINVOICE.zip  --> UPSINVOICE.exe

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: New method of infecting computer

Wolf Kirchmeir wrote:


<lol>

<snip>

Only slightly more cunning than the Amish Virus...   :-)

(google it if you don't understand)

--
   -bts
   -Friends don't let friends drive Windows

Re: New method of infecting computer

Beauregard T. Shagnasty wrote:


ROTFL.

We live a sheltered life up here in Northern Ontario. ;-)

--
Wolf Kirchmeir

Re: New method of infecting computer

$9a6e19ea@news.newshosting.com:


Well yea.. Snow does tend to stop pretty much, everything. :)


--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
  

