Because general user receives various kinds of mails every day, they do not usually hesitate to download and execute attached file from e-mail.
We are going to introduce this case, masqueraded as an email sent by DHL, one of international mail express company.
2. Spreading path and symptoms of infection
As its name is, spreading technique of these malicious files is that it masqueraded as a normal attached file. And lead receiver to download for getting informed details.
You can see a “ZIP file” at the attached area, a fool hacker wrote the year as 2010’s though.
Because this mail has been sent at May 17, 2011.
Based on content, this mail said that it was sent due to wrong recipients’ address and this mail tries to induce user to download and install attached file.
After extracting compressed file, you can see the executable icon such as following image.
Its file name also has been disguised as DHL and related stuffs, “DHL-Notification-print-copy-Delivery”.
It will generate file this following path and modify certain registry value.
* Generated file
- (User account folder)\Application Data\(Random alphabets)\(4 random alphabets).exe
* Generate and modify registry
- Name : [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Data : (User account folder)\Application Data\(Random alphabets)\(4 random alphabets).exe
* (User account folder) usually means C:\Documents and Settings\(User account).
- (User account folder)\Application Data\(Random alphabets)\(4 random alphabets).exe
* Generate and modify registry
- Name : [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- Data : (User account folder)\Application Data\(Random alphabets)\(4 random alphabets).exe
* (User account folder) usually means C:\Documents and Settings\(User account).
Furthermore, it will try to access external site and can download additional malicious file or perform Bot function through “explorer.exe”.
3. How to prevent
In this case of malicious file disguised as a normal e-mail can be downloaded and executed easily. We can say this kind of security threat as a Social Engineering. And the range of exposure is getting wider.
To use your PC safely from security threats of these malicious applications, we recommend following tips "Security management tips" for general users.
Security management tips
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
1. Maintain the latest security update on OS and applications
2. Use anti-virus SW from believable security company and keep updating the latest engine and using real time detecting function
3. Do not see and download attached file from suspicious e-mail.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis/treatment function such as malicious file stated above and runs responding system 24 hours against various security threats.
Diagnosis name
- Trojan/W32.Agent.171008.GM
tips
شركة تنظيف منازل بالدمام
ReplyDeleteشركة تنظيف مساجد بالدمام
شركة جلي بلاط بالدمام
شركة تنظيف مسابح بالدمام
شركة صيانة مسابح بالدمام
شركة عزل خزانات بالدمام
شركة تركيب حجر طبيعي بالرياض
شركة أعمال جبس بالرياض
شركة ورق جدران بالرياض
شركة كسر رخام بالرياض
شركة تسليك مجارى الدمام
شركة تنظيف موكيت بالدمام
شركة تنظيف سجاد بالدمام
شركة تنظيف واجهات زجاج بالدمام
شركة تنظيف مجالس بالدمام
شركة شفط بيارات بالدمام