Spamvertised "Reqest Rejected" campaign leads to scareware

Summary: A currently spamvertised campaign is enticing end users into downloading and executing a malicious attachment.

TOPICS: Malware, Security

A currently spamvertised malware campaign is enticing end users into downloading and executing a malicious attachment.

Sample subject: Reqest rejected

Sample message: "Dear Sirs, Thank you for your letter! Unfortunately we can not confirm your request! More information attached in document below. Thank you Best regards."

Sample attachments: EX-38463.pdf.zip; EX-38463.pdf.exe

Upon execution, the binary downloads additional files, in this case a scareware variant. Detection rate for TrojanDownloader:Win32/Chepvil.J.
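
As an added example (not from the original article), a mail-gateway style check for the naming pattern in the sample attachments above: a zip archive whose member ends in a document extension followed by an executable one. The extension lists and function names are assumptions for illustration, and the sample message is constructed with harmless bytes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists for this example; tune them for your own gateway.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}


def is_deceptive(name: str) -> bool:
    """True when a name ends in <document ext>.<executable ext>, e.g. x.pdf.exe."""
    parts = [p.strip() for p in name.strip().rstrip(". ").lower().split(".")]
    return len(parts) >= 3 and parts[-2] in DECOY_EXTS and parts[-1] in EXEC_EXTS


def scan_message(raw: bytes) -> list[str]:
    """Return findings for attachments and for members of attached zip archives."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_deceptive(name):
            findings.append(f"attachment: {name}")
        if name.lower().endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    for member in zf.namelist():
                        if is_deceptive(member.rsplit("/", 1)[-1]):
                            findings.append(f"zip member: {name} -> {member}")
            except zipfile.BadZipFile:
                findings.append(f"unreadable zip: {name}")
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless bytes named like the page's attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("EX-38463.pdf.exe", b"not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "Reqest rejected"
    msg.set_content("More information attached in document below.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="EX-38463.pdf.zip")
    return msg.as_bytes()
```

The outer name EX-38463.pdf.zip is not flagged by itself; the finding comes from the archive member, which is why the check looks inside zip attachments instead of stopping at the attachment name.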

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

16 comments
  • Not sure why people do this

    I never really got why people do this. I guess the people that make these like to show people what they can do by sending these malicious attachments/viruses. That's why I always scan attachments with my antivirus software before opening. Antivirus software is getting a lot better (they have to) but, I guess it is always about playing "catch up." I did see that Kaspersky is developing a few cool products that can remove malware within seconds (http://www.softwarecrew.com/2011/04/tdsskiller-detects-and-removes-even-unknown-rootkits-in-seconds/). It all comes from the source. If we built computers that didn't allow viruses (like a mac), this would stop a lot of this.
    ,mattehorn
    • RE: Spamvertised

      @,mattehorn

      macs don't allow viruses? ummm.
      http://www.pcworld.com/article/208540/mac_users_warned_of_growing_virus_threat.html
      eriksmalley
    • Error in your thesis

      @,mattehorn
      This is wrong.
      "If we built computers that didn't allow viruses (like a mac), this would stop a lot of this"

      Macs allow any software to be installed once the Admin user enters a password. Similar to Windows UAC, this technical protection cannot stop the "security weakest link" which is simply to fool the person at the keyboard.

      The difference is only one of execution, though, and Macs can be, have been, and will be the victims of malicious software just like Windows PCs if their users aren't vigilant.
      use_what_works_4_U
      • RE: Error in your thesis

        @macadam

        As much as the rabid ABMer (Always Bash Micro$oft) in me appreciates the sentiment; I hate to tell you that it is NOT the O/S that is completely at fault.

        I have had my share of WindoZE troubles, and have finally left them behind when I switched to Ubuntu some 4 years ago. While much safer, that in and of itself, does not excuse stupidity. Surf to a bad site, you can get taken.

        You can be pwned in Linux if you are not careful; but the target sitting on the back of a Linux user is quite smaller compared to his WindoZE using brother.

        Usually it is a case of PEBKAC (for those that don't know: Problem Exists Between Keyboard And Chair).

        WindoZE users need to stop their `click monkey` behavior, and THINK before clicking on links.
        fatman65535
    • RE: Spamvertised

      @,mattehorn
      "If we built computers that didn't allow viruses (like a mac), this would stop a lot of this."

      LMAO! If I were one of those lowlifes that writes malicious software, I'd *LOVE* for people to believe that! One of the WORST security flaws is /believing/ you're secure, when you're not.
      Software Architect 1982
  • This is old news.

    This is old news. There isn't a week that goes by that this exploit isn't running from some exploited web site or ad network. Catch the criminals and put them in jail, go after the ISPs that harbor these criminals and block them from the internet as well.
    In other words stop playing games and get it fixed already.
    Stan57
    • RE: Catch the criminals and put them in jail ....

      @Stan57

      Sorry Stan, I would be much harsher in exacting punishment, I would subject them to summary execution on conviction. Zero chance of becoming a repeat offender.
      fatman65535
      • Agreed

        @fatman65535

        People who write malicious code are oxygen thieves who don't deserve to live.

        No one is worse than an intelligent person who uses his intelligence for evil purposes.
        sissy sue
  • LOL.....

    .....Only in a Microsoft world do you have this garbage going on. Such poorly written/designed code. The world is laughing at you.
    james347
    • RE: Spamvertised

      @james347

      No, it's only in your twisted little ABM world, loser. And we laugh at you.
      Hallowed are the Ori
  • effin awesome...

    ... is the fact someone can say something like

    "If we built computers that didn't allow viruses (like a mac), this would stop a lot of this"
    with a straight face. you sound so sure but are so wrong. now about the post...

    thanks Mr. Danchev for the reminder. even the best of us tech pros get complacent and kinda forget people still do this. make sure you follow safe practices.
    dariquew@...
  • RE: Spamvertised

    I'm amazed that people open EXEs sent via e-mail. Stunned even. Well, come to think of it, there are probably people that'd open "ThisIsAVirusThatWillTakeAllYourMoney.EXE". So, maybe I shouldn't be so surprised.
    Software Architect 1982
    • RE: I'm amazed that people open EXEs sent via e-mail

      @Digital Video Expert

      But, there are those whose intelligence is questionable.

      I recall in the past sending some product photos to a customer packed in a "self executing" file. His IT department was not too thrilled at that. I ended up sending the photos individually; and removed that application from my system, once I appreciated its security implications.
      fatman65535
    • Innocents at the computer

      @Digital Video Expert
      I too am amazed, but then we can't expect the entire computer-using planet to be savvy.

      My husband is a highly intelligent mechanical engineer, but I had a devil of a time trying to explain to him what an *.exe file was.
      sissy sue
  • RE: Spamvertised

    One of the easiest ways to spot this type of thing is to tell Windows to show all extensions. If you see files with .pdf.exe or .doc.exe etc. on the end there is a 99.99% chance that they are Trojans. If you see files with extensions on them in Windows and it is set to hide the extensions, then there is a good chance those are Trojans too. I normally prefer to go into the folder options file types settings of most of the common file types such as .pdf .doc .txt etc. and change the default icons to a non standard icon. If I then see a file on my computer displaying the standard icon instead of the one I have set I make sure to check it is what it is meant to be. Most of those Trojans embed a copy of the standard icon in the .exe file to help fool you. This is a good way to spot those Trojans when you might not be able to see all the file name!
    NZJester
  • RE: Spamvertised

    Well done! Thank you very much for professional templates and community edition
    talih