Incidents

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Whoever spammed this malicious program has used social engineering techniques in a clever way. The message which the malicious program is attached to seems to be a forwarded message, complete with answer. The text hints at a hot date, and attached photos – the recipient is exhorted not to show them to any one.

Of course, such a text is designed to excite the reader’s curiosity, and maximize the change of the attachment being opened. When the recipient clicks on the attachment, Trojan-Downloader.Win32.Small.anh will be launched. The downloader will then install a range of other malicious programs on the victim machine: Backdoors, Trojan-Proxies, Trojan-Droppers and Trojan-PSW.

The attachment name has been crafted so that the user only sees a .JPG extension, and not the .EXE extension which shows that the attachment is, in fact, an executable file.

And the result? The person or group sending these messages is harvesting passwords from infected computers, and gaining full access to victim machines, which can then be used as spamming platforms.

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2022

This is our latest summary of advanced persistent threat (APT) activities, focusing on events that we observed during Q3 2022.

APT10: Tracking down LODEINFO 2022, part I

The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor.

Subscribe to our weekly e-mails

The hottest research right in your inbox