a new targeted Trojan “document” doing the rounds

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,751
Reaction score
1,210
It is another word “document” with a malicious embedded object similar to the BBB, IRS, FTC and other targeted trojan “documents” that have been seen lately.

The file sent is Proforma_Invoice.doc
Those AV vendors that recognized at virustotal were:

Authentium 4.93.8 06.15.2007 W32/Dropper.ESR
Fortinet 2.85.0.0 06.15.2007 W32/Nuclear!tr
Sophos 4.18.0 06.12.2007 Troj/BHO-BP
Symantec 10 06.15.2007 Downloader
Panda 9.0.0.4 06.15.2007 Suspicious file

The document itself contains a icon of a pair of books (blue and yellow) and a magnifying glass and the text ...

“DOUBLE CLICK THE ICON ABOVE
TO VIEW THE DOCUMENT DETAILS”

The icon represents a “Packaged Object”.

Clicking the icon in XPsp2 resulted in a windows popup box that stated:
“The publisher could not be verified. Are you sure you want to run this software?
Name: C_PROFOR~1.EXE
Publisher: Unknown Publisher
Type: Application

The three copies that have been seen so far were all the same, all were 689,152 bytes long and all had a md5 hash of 47fff5b9d3765b70571454146ea9f244.

A word of caution: Do NOT open strange documents or run untrusted binaries on a machine you don’t wish to format and reinstall the OS on!

:user:
 
Back
Top