Kaspersky Labs described the mass mailing as "unusual" because the messages attempt to spoof the email address firstname.lastname@example.org.
The Lafool.v infection is hidden in a Word document called 'McAfee Inc. Reports.doc'. The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the internet.
However, the document actually contains a macro written in Visual Basic for Applications.
Lafool.v extracts a new modification of LdPinch, a well-known Trojan password stealing program, from itself and launches it for execution, Kaspersky Labs warned.
LdPinch steals passwords to a number of services and applications, including AOL Instant Messenger and ICQ, and other confidential user data.
Kaspersky Anti-Virus detects the new variant of this program as Trojan-PSW.Win32.LdPinch.bbg.
Malicious Trojan poses as McAfee alert
By Robert Jaques on Nov 7, 2006 10:04AM