Incidents

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Whoever spammed this malicious program has used social engineering techniques in a clever way. The message which the malicious program is attached to seems to be a forwarded message, complete with answer. The text hints at a hot date, and attached photos – the recipient is exhorted not to show them to any one.

Of course, such a text is designed to excite the reader’s curiosity, and maximize the change of the attachment being opened. When the recipient clicks on the attachment, Trojan-Downloader.Win32.Small.anh will be launched. The downloader will then install a range of other malicious programs on the victim machine: Backdoors, Trojan-Proxies, Trojan-Droppers and Trojan-PSW.

The attachment name has been crafted so that the user only sees a .JPG extension, and not the .EXE extension which shows that the attachment is, in fact, an executable file.

And the result? The person or group sending these messages is harvesting passwords from infected computers, and gaining full access to victim machines, which can then be used as spamming platforms.

Today we detected mass mailing of Trojan-Downloader.Win32.Small.anh in Russia

Your email address will not be published. Required fields are marked *

 

Reports

APT trends report Q3 2021

The APT trends reports are based on our threat intelligence research and provide a representative snapshot of what we have discussed in greater detail in our private APT reports. This is our latest installment, focusing on activities that we observed during Q3 2021.

Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

Subscribe to our weekly e-mails

The hottest research right in your inbox