Fake Japanese Government Agency Email Targets Japanese Companies

April 14th, 2008

Fake Japanese Government Agency Email Targets Japanese Companies

A possible spam attack is targeting several Japanese companies according to Symantec. The spam email associated with this attack spoofs itself as an email from a Japanese government agency and entices the user to open the attached .zip file to check organizational changes made recently. The attached .zip file contains 2 files: 0414.xls and 0414.exe. 0414.xls is a legitimate file containing a list of names, addresses, personnel positions, which may or may not really exist. There is no evidence to suggest that any exploit attempts are made on this file.

The other file, 0414.exe, is a variant of Backdoor.Darkmoon, which has a keylogging capabilities. Several variants of Backdoor.Darkmoon associated with this spam attack have been noticed. One variant saves stolen information as the filename msvidctl, sends it to the remote attacker, and awaits further commands from cyhk.3322.org. Another variant sends information as the filename taskame to hi222.3322.org and opens a back door to the same site.

In the past, similar types of attack have occurred many times. Take extra caution and do not open attachments unless they are expected and come from a known and trusted source.

Email, Bookmark or Share:

More on CyberInsecure:

Japan to disconnect p2p users

Microsoft Released Service Pack 1 for Vista

Hackers In Taiwan Compromised 50 Million Personal, Government And Firms Records

NSA Goes Offline Due To A DNS Glitch

Hackers Use Neosploit To Infect Around 80,000 Sites, Including BBC And US Postal Service

Posted in Targeted Attacks |

Print This Post

This entry was posted on Monday, April 14th, 2008 at 3:21 pm and is filed under Targeted Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

Latest Virus Descriptions

Trojan-Downloader.JS.Small.fi 29 Oct 2008 20:03:00 +030
This Trojan downloads other files via the Internet and launches them for execution on the victim machine. The program is an HTML page which contains Java Script scenarios. It is 1432 bytes in size.
Trojan-PSW.Win32.OnLineGames.sxa 29 Oct 2008 20:01:00 +030
This malicious program is a Trojan. It is a Windows PE EXE file. It is 118103 bytes in size. Installation The Trojan copies its executable file to the Windows system directory: %System%\kavo.exe In order to ensure that the Trojan is launched automatically each time the system is restarted, the…
Trojan-PSW.Win32.OnLineGames.lfi 29 Oct 2008 20:00:00 +030
This malicious program is a Trojan. It is a Windows PE EXE file. It is 123873 bytes in size. Installation The Trojan copies its executable file to the Windows system directory: %System%\amvo.exe In order to ensure that the Trojan is launched automatically each time the system is restarted, the…
Trojan-Downloader_Win32_Agent.nmi 29 Oct 2008 19:59:00 +030
This Trojan downloads another program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. The size of infected files can range from 18KB to 47KB.
Trojan-Downloader.Win32.Braidupdate.c 28 Oct 2008 15:54:00 +030
This Trojan downloads another program via the Internet and launches it on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 79360 bytes in size. It is written in C++. Installation In order to ensure that the Trojan is launched automatically each…
Trojan-Downloader.JS.Agent.sg 28 Oct 2008 15:52:00 +030
This Trojan downloads other files via the Internet and launches them for execution on the victim machine. It is an HTML page which contains Visual Basic Script and Java Script. It is 677 bytes in size.
Trojan-GameThief.Win32.OnLineGames.tnys 28 Oct 2008 15:48:00 +030
This Trojan is designed to steal account data from the online game LineAge2. It is a Windows PE EXE file. It is 654848 bytes in size.
Trojan-PSW.Win32.OnLineGames.rlh 28 Oct 2008 15:39:00 +030
This malicious program is a Trojan. It is a Windows PE EXE file. It is 112736 bytes in size. Installation The Trojan copies its executable file to the Windows system directory: %System%\kavo.exe In order to ensure that the Trojan is launched automatically each time the system is restarted, the…
Trojan-Downloader.Win32.Delf.cgx 20 Oct 2008 15:56:00 +030
This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge or consent. It is a Windows PE EXE file. It is 48128 bytes in size. It is packed using PECompact. The unpacked file is approximately 131KB in size. It is…
Backdoor.Win32.Small.x 20 Oct 2008 15:54:00 +030
This Trojan provides a remote malicious user with access to the victim machine. It is a Windows PE EXE file. It is 1087 bytes in size.

CyberInsecure.com

Fake Japanese Government Agency Email Targets Japanese Companies

Leave a Reply

Categories

Archives

Links

Internet Threat Level

Recent Entries

Vendor Security Alerts

Subscribe

Members

Latest Virus Descriptions