ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Spamvertised "Reqest Rejected" campaign leads to scareware

By | April 12, 2011, 11:13am PDT

Summary: A currently spamertised campaign is enticing end users into downloading and executing a malicious attachment.

A currently spamertised malware campaign is enticing end users into downloading and executing a malicious attachment.

Sample subject: Reqest rejected
Sample message:Dear Sirs, Thank you for your letter! Unfortunately we can not confirm your request! More information attached in document below. Thank you Best regards.
Sample attachments: EX-38463.pdf.zip; EX-38463.pdf.exe

Upon execution the binary downloads additional files, in this case a scareware variant. Detection rate for TrojanDownloader:Win32/Chepvil.J.

See also:

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Malware, Scareware, Security, Cyberthreats, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
16
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Spamvertised
talih Updated - 12th Aug
Well done! Thank you very much for professional templates and community edition

sesli chat sesli sohbet
View in thread
0 Votes
+ -
Not sure why people do this
,mattehorn 12th Apr 2011
I never really got why people do this. I guess the people that make these like to show people what they can do by sending these malicious attachments/viruses. That's why it I always scan attachments with my antivirus software before opening. Antivirus software are getting a lot better(they have to) but, I guess it is always about playing "catch up." I did see that Kaspersky is developing a few cool products that can remove malware within seconds( http://www.softwarecrew.com/2011/04/tdsskiller-detects-and-removes-even-unknown-rootkits-in-seconds/ ). It all comes from the source. If we built computers that didn't allow viruses (like a mac), this would stop a lot of this.
0 Votes
+ -
RE: Spamvertised
eriksmalley 12th Apr 2011
@,mattehorn

macs don't allow viruses? ummm.
http://www.pcworld.com/article/208540/mac_users_warned_of_growing_virus_threat.html
0 Votes
+ -
Error in your thesis
use_what_works_4_U 13th Apr 2011
@,mattehorn
This is wrong.
If we built computers that didn't allow viruses (like a mac), this would stop a lot of this

Macs allow any software to be installed once the Admin user enters a password. Similar to Windows UAC, this technical protection cannot stop the "security weakest link" which is simply to fool the person at the keyboard.

The difference is only one of execution, though, and Macs can be, have been, and will be the victims of malicious software just like Windows PCs if their users aren't vigilant.
0 Votes
+ -
RE: Error in your thesis
fatman65535 13th Apr 2011
@macadam

As much as the rabid ABMer ( Always Bash Micro$oft ) in me appreciates the sentiment; I hate to tell you that it is NOT the O/S that is completely at fault.

I have had my share of WindoZE troubles, and have finally left them behind when I switched to Ubuntu some 4 years ago. While much safer, that in and of itself, does not excuse stupidity . Surf to a bad site, you can get taken.

You can be pwned in Linux if you are not careful; but the target sitting on the back of a Linux user is quite smaller compared to his WindoZE using brother.

Usually it is a case of PEBKAC (for those that don't know: Problem Exists Between Keyboard And Chair).

WindoZE users need to stop their `click monkey` behavior, and THINK before clicking on links.
0 Votes
+ -
RE: Spamvertised
Software Architect 1982 13th Apr 2011
@,mattehorn
"If we built computers that didn't allow viruses (like a mac), this would stop a lot of this."

LMAO! If I were one of those lowlifes that writes malicious software, I'd *LOVE* for people to believe that! One of the WORST security flaws is /believing/ you're secure, when you're not.
0 Votes
+ -
This is old news.
Stan57 12th Apr 2011
This is old news. There isnt a week that goes by that this exploit isnt running from some exploited web site or ad network. Catch the criminals and put them in jail,go after the ISPs that harbor theses criminals and block them from the internet as well.
In ohter words stop playing games and get it fixed already
0 Votes
+ -
RE: Catch the criminals and put them in jail ....
fatman65535 13th Apr 2011
@Stan57

Sorry Stan, I would be much harsher in exacting punishment, I would subject them to summary execution on conviction. Zero chance of becoming a repeat offender.
0 Votes
+ -
Agreed
sissy sue 14th Apr 2011
@fatman65535

People who write malicious code are oxygen thieves who don't deserve to live.

No one is worse than an intelligent person who uses his intelligence for evil purposes.
0 Votes
+ -
LOL.....
james347 13th Apr 2011
.....Only in a Microsoft world do you have this garbage going on. Such poorly written/designed code. The world is laughing at you.
0 Votes
+ -
RE: Spamvertised
Hallowed are the Ori 14th Apr 2011
@james347

No, it's only in your twisted little ABM world, loser. And we laugh at you.
0 Votes
+ -
effin awesome...
dariquew@... 13th Apr 2011
... is the fact someone can say something like

"If we built computers that didn't allow viruses (like a mac), this would stop a lot of this"
with a straight face. you sound so sure but are so wrong. now about the post...

thanks Mr. Danchev for the reminder. even the best of us tech pros get complacent and kinda forget people still do this. make sure you follow safe practices.
0 Votes
+ -
RE: Spamvertised
Software Architect 1982 13th Apr 2011
I'm amazed that people open EXEs sent via e-mail. Stunned even. Well, come to think of it, there are probably people that'd open "ThisIsAVirusThatWillTakeAllYourMoney.EXE". So, maybe I shouldn't be so surprised.
0 Votes
+ -
RE: I'm amazed that people open EXEs sent via e-mail
fatman65535 13th Apr 2011
@Digital Video Expert

But, there are those whose intelligence is questionable.

I recall in the past sending some product photos to a customer packed in a "self executing" file. His IT department was not too thrilled at that. I ended up sending the photos individually; and removed that application from my system, once i appreciated its security implications.
0 Votes
+ -
Innocents at the computer
sissy sue 14th Apr 2011
@Digital Video Expert
I too am amazed, but then we can't expect the entire computer-using planet to be savvy.

My husband is a highly intelligent mechanical engineer, but I had a devil of a time trying to explain to him what an *.exe file was.
0 Votes
+ -
RE: Spamvertised
NZJester 13th Apr 2011
One of the easiest ways to spot this type of thing is to tell windows to show all extensions. If you see files with .pdf.exe or .doc.exe etc. on the end there is a 99.99% chance that they are Trojans. If you see files with extensions on them in windows and it is set to hide the extensions , then there is a good chance those are Trojans to. I normally prefer to go into the folder options file types settings of most of the common file types such as .pdf .doc .txt etc. and change the default icons to a non standard icon. If I then see a file on my computer displaying the standard icon instead of the one I have set I make sure to check it is what it is meant to be. Most of those Trojans imbed a copy of the standard icon in the .exe file to help fool you. This is a good way to spot those Trojans when you might not be able to see all the file name!
0 Votes
+ -
RE: Spamvertised
talih Updated - 12th Aug
Well done! Thank you very much for professional templates and community edition

sesli chat sesli sohbet

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix