A Trojan that masquerades as a fake credit profile and loan application was discovered overnight in Australia, according to a managed services provider.
David Banes, technical director for Asia Pacific at managed services provider MessageLabs, told iTnews the first copy was discovered in Australia, outside normal business hours.
“Intercepting the first copy going to an Australian email address doesn't necessarily mean that it originated here,” Banes added. “[There are] not any obvious indicators Australians were being targeted by this.”
MessageLabs was referring to the Trojan horse program as Troj/Downloader!4c52 –- also known as Downloader-DI -- which arrives as an email attachment. It appears as if the email is spammed from a number of different email addresses around the world, according to a statement issued by the company.
“The attachment has a double extension ending in .htm.pif,” it states. “The sender's email address is forged, and therefore does not indicate the true identity of the sender.”
According to MessageLabs, the Trojan then tries to download a further component from a free hosting site in Russia. “After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to act as a proxy server, [that is] it allows someone to channel any Internet activities through the infected computer without the recipient's knowledge,” the statement said.