NEWS FROM THE LAB - Friday, July 28, 2006

Two massmailings underway Posted by Mikko @ 17:06 GMT

We've seen two separate spam runs with infected attachments tonight.

First one comes in an email with random header info and body text "Hi, Honey - My best photo ever!". This one contains a file called "dsc00342.jpg .exe" as an attachment. This one is detected by us as Trojan-Downloader.Win32.Small.cyy.

The second one comes in an email looking like this:


postalcardThe link to all-yours.net is fake; instead the link points to an EXE file hosted at whitehat.cc.

The file is named "postalcard.jpg.exe" and is detected by us as Backdoor.IRC.Cloner.ae.

All-yours.net is a real greeting card site and has nothing to do with this case. Abuse messages have been sent about whitehat.cc domain.