CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 14th, 2008

Fake Japanese Government Agency Email Targets Japanese Companies

A possible spam attack is targeting several Japanese companies according to Symantec. The spam email associated with this attack spoofs itself as an email from a Japanese government agency and entices the user to open the attached .zip file to check organizational changes made recently. The attached .zip file contains 2 files: 0414.xls and 0414.exe. 0414.xls is a legitimate file containing a list of names, addresses, personnel positions, which may or may not really exist. There is no evidence to suggest that any exploit attempts are made on this file.

The other file, 0414.exe, is a variant of Backdoor.Darkmoon, which has a keylogging capabilities. Several variants of Backdoor.Darkmoon associated with this spam attack have been noticed. One variant saves stolen information as the filename msvidctl, sends it to the remote attacker, and awaits further commands from cyhk.3322.org. Another variant sends information as the filename taskame to hi222.3322.org and opens a back door to the same site.

In the past, similar types of attack have occurred many times. Take extra caution and do not open attachments unless they are expected and come from a known and trusted source.

Email, Bookmark or Share:
  • E-mail this story to a friend!
  • Digg
  • del.icio.us
  • StumbleUpon
  • Reddit
  • Technorati
  • Slashdot
  • Propeller
  • Google
  • Live
  • YahooMyWeb
  • TwitThis
  • Facebook
  • LinkedIn

More on CyberInsecure:
  • Japan to disconnect p2p users
  • Pirates Privacy Breached After Downloading Fake Game Installer
  • European Space Agency Website ESA.int Hacked, FTP And Email Passwords Leaked
  • NSA Goes Offline Due To A DNS Glitch
  • Japanese Earthquake And Tsunami Searches Infect Users With Malware

    • Posted in Targeted Attacks | Print This Post Print This Post

    This entry was posted on Monday, April 14th, 2008 at 3:21 pm and is filed under Targeted Attacks. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Fake Japanese Government Agency Email Targets Japanese Companies

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « « A Mistake At The University of Toledo Exposes 6500 Employees
    High Success Rate Breaking Hotmail CAPTCHAs » »