Get your Computer Fixed Today

Thursday, September 04, 2008

I just received the following email message in my inbox:

Subject:Your Online Flight Ticket N 49444

Greetings, Thank you for using our new service "Buy airplane ticket Online" on our website. Your account has been created:
Your login: israel@leichtman.net Your password: passR5AW
Your credit card has been charged for $601.66. We would like to remind you that whenever you order tickets on our website you get a discount of 10%!
Attached to this message is the purchase Invoice and the airplane ticket. To use your ticket, simply print it on a color printed, and you are set to take off for the journey!
Kind regards, Southwest Airlines
If you get such an email DO NOT OPEN THE ATTACHMENT

Attachments are .zip files with filename E-ticket_N7399294.zip (random number) with inside a E-ticket_N7399294_and_Invoice_for_N73992943442.exe.

On an infected computer the trojan will create a new files like %System%\ntos.exe, %System%\wsnpoem\audio.dll, %System%\wsnpoem\video.dll and creates a new directory %System%\wsnpoem.

It also adds and modifies entries in the Windows registry and make connection with a server for http://*********.ru/alaska/alaska.bin. It opens random TCP ports in order to provide backdoor capabilities.

# posted by lnacomp : 10:29 PM Social bookmark this Visit My Current Blog!

 Subscribe in a reader