Fake Japanese Government Agency Email Targets Japanese Companies
According to Symantec, a possible spam attack is targeting several Japanese companies. The spam email poses as a message from a Japanese government agency and entices the user to open the attached .zip file to check recent organizational changes. The attached .zip file contains two files: 0414.xls and 0414.exe. 0414.xls is a legitimate file containing a list of names, addresses, and personnel positions, which may or may not really exist. There is no evidence to suggest that this file carries any exploit.
The other file, 0414.exe, is a variant of Backdoor.Darkmoon, which has keylogging capabilities. Several variants of Backdoor.Darkmoon associated with this spam attack have been observed. One variant saves stolen information under the filename msvidctl, sends it to the remote attacker, and awaits further commands from cyhk.3322.org. Another variant sends information under the filename taskame to hi222.3322.org and opens a back door to the same site.
In the past, similar types of attack have occurred many times. Take extra caution and do not open attachments unless they are expected and come from a known and trusted source.
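An added example (not from the original post or from Symantec): a mail-gateway style check for the pattern described above, a .zip attachment carrying an executable next to a document with the same base name. The function names and extension lists are assumptions of this example, and the sample archive is constructed with inert placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy lists for this example; tune them to your own mail gateway.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".dll"}
DOCUMENT_EXTS = {".xls", ".xlsx", ".doc", ".docx", ".pdf"}


def inspect_zip_attachment(data: bytes) -> dict:
    """List executables in a zip and those sharing a base name with a document."""
    executables, documents = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = PurePosixPath(info.filename).suffix.lower()
            is_pe = False
            if not info.flag_bits & 0x1:  # encrypted members cannot be sniffed
                with zf.open(info) as member:
                    # A Windows PE file starts with "MZ" whatever it is named.
                    is_pe = member.read(2) == b"MZ"
            if is_pe or ext in EXECUTABLE_EXTS:
                executables.append(info.filename)
            elif ext in DOCUMENT_EXTS:
                documents.append(info.filename)
    doc_stems = {PurePosixPath(d).stem.lower() for d in documents}
    paired = [e for e in executables if PurePosixPath(e).stem.lower() in doc_stems]
    return {
        "executables": sorted(executables),
        "decoy_pairs": sorted(paired),  # executable named like a bundled document
        "block": bool(executables),
    }


def build_sample_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample reusing the file names from the report; contents are inert.
    sample = build_sample_zip({"0414.xls": b"\xd0\xcf\x11\xe0 doc", "0414.exe": b"MZ stub"})
    print(inspect_zip_attachment(sample))
```

The content sniff means an executable renamed to a document extension is still flagged, while a password-protected archive falls back to the extension check alone.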