Version: 2008
Advanced Search
advertisementShop RadioShack for Great Gifts
advertisement
advertisement

Forum display:

Spyware, viruses, & security : Websense - Department of Justice Trojan Horse

by Marianna Schmudlach Moderator - 12/3/07 3:47 PM
advertisement
Post 1 of 3

Websense - Department of Justice Trojan Horse

by Marianna Schmudlach Moderator - 12/3/07 3:47 PM

Dec 3 2007

Websense® Security Labs™ has discovered a new email attack variant similar to attacks previously launched on the IRS and Better Business Bureau. The spoofed email claims to be from the United States Department of Justice (USDOJ). We have been tracking these attacks and have previously reported on them on our site. We first alerted on this attack against the USDOJ here.

The message claims that a complaint to the USDOJ has been filed against the recipient's company. The email informs the reader that a copy of the original complaint has been attached to the email. The attached "complaint" is a Trojan .scr file with an MD5 of 083cdcb8b8cac465dc130348f88ac48d. The .scr drops a file named xp2007.dat in c:\ which is then silently added as a BHO in IE.

At the time of our discovery, none of the major anti-virus vendors had detected the malicious code.

Websense Security customers are protected from this threat.

Email screenshot:

http://www.websense.com/securitylabs/blog/blog.php?BlogID=162

Reply
Permalink
Report offensive post
Post 2 of 3

.pif version

by jodpur - 12/13/07 1:04 PM In reply to: Websense - Department of Justice Trojan Horse by Marianna Schmudlach Moderator

The version one of our employees received has a .pif extension. I'm trying to confirm whether it is maintaining log files with system information.

Reply
Permalink
Report offensive post
Post 3 of 3

,pif version...

by Marianna Schmudlach Moderator - 12/13/07 3:12 PM In reply to: .pif version by jodpur

that would then be the one from today:

The attached "complaint" is a Trojan downloader with some backdoor capabilities. It is a ".pif" file with an MD5 of 9e19d23f27ebf9cfe1b9103066a3019e. It appears, however, that different versions of the Trojan are sent, based on the targeted recipient or company.

http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=275651&messageID=2653157

Reply
Permalink
Report offensive post
rss
Forum legend:
Locked Locked thread
Moderator Moderator
CNET staff CNET staff
Samsung staff Samsung staff
Norton Authorized Support team Norton Authorized Support team
AVG staff AVG staff
Windows Outreach team Windows Outreach team
Dell staff Dell staff
Intel staff Intel staff
Powered by Jive Software
Forums
Site map
FAQs
Usage policies
Real time activity
Meet the moderators
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET