MSN Messenger spam contains Trojan

By

A fake update claiming to be from MSN Messenger contains a malicious Trojan.


A fake update claiming to be from MSN Messenger contains a malicious Trojan.

Identified by the Websense Security Labs ThreatSeeker Network, the spam message is intended to lure users into downloading the Trojan. The claims that by downloading the application linked within the email, users can protect themselves against a virus that spams messages to a user's contacts.

The email offers an update to Live Messenger Plus which upon accessing downloads the Trojan (md5: 5F1D2521F6949F8B71B9FF93C17A8BE2), which Websense claims has a low antivirus detection rate.

The URLs provided in the email redirect the user to a two-stage downloader named dsc.scr. As a distraction for the user, a dialog box is displayed explaining that the user will be redirected to msn.com.br, a browser then opens pointing to this site.

The downloader first contacts hxxp://*snip*ario.com/games_06.jpg, and then hxxp://*snip*ario.com/games_04.jpg, adding the two files to the root of C:

A scheduled task is then created, and modifications are made to autoexec.bat to disable GBPlugin and other tools promoted by Brazilian banks to protect against such keyloggers and other malware.

The malware then goes on to conduct information-stealing activities.

See original article on scmagazineuk.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Log In

  |  Forgot your password?