NEWS FROM THE LAB - Tuesday, January 23, 2007

Rechnung After the Storm Posted by Francis @ 09:23 GMT

We have received many reports from our German customers receiving spammed e-mails containing an attachment named GEZ_Rechnung.pdf.exe.

Here is a sample screenshot of the spammed e-mail:



Our detection for this malware is Nurech.W.

Nurech.W uses the following links to download Bzub.HO:


Bzub.HO is a password stealer and is hosted in the following link: