NEWS FROM THE LAB - Monday, August 14, 2006

Rakningen.exe going around
Posted by Mikko @ 19:30 GMT

There's been a spam run of a new backdoor application that we now detect as Trojan-Spy.Win32.BZub.bs.

This was spammed in Swedish e-mail messages with an attachment called Räkningen.exe or Rakningen.exe - which means "Bill" in most Nordic languages.


The actual trojan is very similar to the ones we've seen before targeting German-speaking users (with "Rechnung.exe"). When run, the trojan drops a file named ipv6mons.dll which monitors user activities.