
5/10/2011

[Warning] Malicious file disguised as being sent from the FBI identified

1. Introduction

Since early May 2011, malicious e-mails masquerading as messages from the FBI (Federal Bureau of Investigation) have been circulating, so users need to pay special attention to this prevalent kind of malicious e-mail.
The main feature of this e-mail is that the sender name is "FBI" and the sender's e-mail address is forged to appear to come from "fbi.gov".
If the recipient downloads and extracts the attached compressed file and runs its contents, the PC can be infected by the malicious file.

* The main feature of malicious e-mail

This spreading technique, attaching a malicious file to an e-mail, usually relies on various tricks to gain the user's trust, such as pretending to come from a government organization or an official department.
Be especially careful when opening an e-mail that uses social engineering, contains a link in the message body, or carries an attachment.
The mail content below was found recently. Recognizing this kind of malicious e-mail will help you avoid similar ones.

2. Spreading path and symptoms of infection

The "*****" in the sender's address consists of random digits and changes with each message.

Sender:
FBI (info*****@fbi.gov)
Subject:
You visit illegal websites

Body:
Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. Important: Please
answer our questions! The list of questions are attached.

Attachments:
document.zip



The e-mail attachment "document.zip" contains "document.exe" when decompressed.

"document.exe" is disguised as a document file: it uses a PDF file icon to deceive the user, although it is an executable.
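The following is an added example (not code from the original advisory or from INCA Internet) showing how a mail gateway or an analyst script can triage a message of the shape described above: it checks the sender against the "info" + digits @fbi.gov pattern, opens any ZIP attachment in memory without writing or executing anything, and flags members whose content starts with the PE/DOS "MZ" magic or whose extension is executable, so neither a PDF icon nor a document-like file name hides the executable. The sample message, the digits in the sender address and the 64-byte "MZ" stand-in for document.exe are constructed for the example; the executable-extension list goes beyond the .exe on the page.

```python
"""Triage an e-mail with a spoofed fbi.gov sender and a ZIP attachment whose
member is really a Windows executable. The ZIP is opened in memory only."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Sender shape from the advisory: "info" followed by random digits at fbi.gov.
SPOOFED_SENDER = re.compile(r"^info\d+@fbi\.gov$", re.IGNORECASE)
# Extensions treated as executable (assumed list, broader than the page's .exe).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
ZIP_MAGIC = b"PK\x03\x04"


def inspect_zip(data: bytes) -> list:
    """Return one finding per ZIP member that is executable by magic or by extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)  # only the magic bytes are needed
            name = info.filename.lower()
            ext = "." + name.rsplit(".", 1)[1] if "." in name else ""
            is_pe = head == b"MZ"
            if is_pe or ext in EXEC_EXTENSIONS:
                findings.append({"member": info.filename, "pe_magic": is_pe, "ext": ext})
    return findings


def triage_message(raw: bytes) -> dict:
    """Parse a raw RFC 5322 message; report a spoofed sender and executable ZIP members."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = msg["From"].addresses[0].addr_spec if msg["From"] else ""
    result = {
        "sender": sender,
        "spoofed_fbi_sender": bool(SPOOFED_SENDER.match(sender)),
        "executables": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check content as well as name: a renamed ZIP still starts with PK\x03\x04.
        if name.lower().endswith(".zip") or payload.startswith(ZIP_MAGIC):
            for finding in inspect_zip(payload):
                finding["attachment"] = name
                result["executables"].append(finding)
    result["verdict"] = (
        "malicious" if result["spoofed_fbi_sender"] and result["executables"] else "review"
    )
    return result


def build_sample_message(member_name: str = "document.exe", content=None) -> bytes:
    """Constructed sample reproducing the advisory's message shape; not a real capture.

    The default member is a harmless stand-in for document.exe: 64 bytes that
    begin with the 'MZ' magic and contain no code.
    """
    if content is None:
        content = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, content)
    msg = EmailMessage()
    msg["From"] = "FBI <info48213@fbi.gov>"  # digits are constructed, as "*****" on the page
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "You visit illegal websites"
    msg.set_content(
        "Sir/Madam, we have logged your IP-address on more than 40 illegal Websites. "
        "Important: Please answer our questions! The list of questions are attached."
    )
    msg.add_attachment(
        buf.getvalue(), maintype="application", subtype="zip", filename="document.zip"
    )
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample_message()))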



The user is infected after executing "document.exe". This malicious file then connects to a certain web site and tries to download and install pusk.exe, which induces the user to pay.

* Downloads an additional malicious file:
http://(~)ntov.com/pusk.exe
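The network side of the downloader stage above, the fetch of pusk.exe over HTTP, is the kind of event a forward-proxy log records. The following is an added example (not code from the advisory or from INCA Internet) that flags Windows executables downloaded through a Squid-style proxy: a successful response whose MIME type is an executable type or whose URL path ends in an executable extension is reported unless the host is on an allow-list of update servers. The log lines, the allow-list and the malicious hostname are constructed; the page truncates the real hostname to "(~)ntov.com", so a placeholder host is used instead.

```python
"""Flag executable downloads in a Squid native access.log, the network symptom
of a downloader such as document.exe fetching pusk.exe."""
import re
from urllib.parse import urlsplit

# Assumed allow-list of hosts from which executable downloads are expected.
TRUSTED_DOWNLOAD_HOSTS = {"download.windowsupdate.com"}
# MIME types proxies commonly report for Windows executables.
EXEC_MIME = {"application/x-msdownload", "application/x-dosexec"}
EXEC_PATH = re.compile(r"\.(exe|scr|dll|msi|com)$", re.IGNORECASE)

# Squid native access.log layout:
# timestamp elapsed client result/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+\S+\s+(?P<mime>\S+)"
)

# Constructed sample lines (timestamps fall on 2011-05-10 UTC). The malicious host
# is a placeholder, not the host truncated on the page.
SAMPLE_LOG = """\
1304985600.123 512 10.0.0.17 TCP_MISS/200 245760 GET http://malware-host.example/pusk.exe - DIRECT/203.0.113.9 application/x-msdownload
1304985601.410 88 10.0.0.17 TCP_MISS/200 2048 GET http://www.example.org/index.html - DIRECT/198.51.100.4 text/html
1304985602.004 300 10.0.0.23 TCP_MISS/200 8000000 GET http://download.windowsupdate.com/msdownload/update.exe - DIRECT/198.51.100.7 application/octet-stream
1304985603.777 40 10.0.0.31 TCP_MISS/404 300 GET http://www.example.net/setup.exe - DIRECT/198.51.100.8 text/html
1304985604.900 250 10.0.0.31 TCP_MISS/200 420000 GET http://cdn.example.net/download?id=77 - DIRECT/198.51.100.8 application/x-msdownload
"""


def parse_line(line: str):
    """Return the fields of one access.log line as a dict, or None if it does not parse."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_executable_download(rec: dict) -> bool:
    """True for a successful response that carried an executable by MIME type or URL path."""
    if rec["status"] != 200:
        return False
    path = urlsplit(rec["url"]).path
    return rec["mime"].lower() in EXEC_MIME or bool(EXEC_PATH.search(path))


def find_suspicious_downloads(log_text: str) -> list:
    """Executable downloads from hosts outside the allow-list, one dict per hit."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_executable_download(rec):
            continue
        parts = urlsplit(rec["url"])
        host = (parts.hostname or "").lower()
        if host in TRUSTED_DOWNLOAD_HOSTS:
            continue
        hits.append({
            "client": rec["client"],
            "host": host,
            "file": parts.path.rsplit("/", 1)[-1],
            "bytes": rec["bytes"],
            "reason": "mime" if rec["mime"].lower() in EXEC_MIME else "extension",
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_downloads(SAMPLE_LOG):
        print(hit)
```

The MIME check matters because a downloader need not request a path ending in .exe; the last sample line is caught only by its content type, while the 404 for setup.exe is ignored because nothing was delivered.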



The installed malicious program is disguised as a Windows recovery program: it shows fake error-detection results and a screen demanding a repair, and finally induces the user to pay.

Fake anti-virus programs are another well-known form of this kind of malicious program. They usually induce the user to pay for a "cure" by showing a fake Windows status screen claiming the PC is infected. Recently, variants show a fatal error screen on the user's PC, so users have to be careful when using the internet.

3. How to prevent

To use your PC safely against the security threats posed by these malicious files, we recommend the following "Security management tips" for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and keep the real-time detection function enabled.
3. Be careful when clicking shortened URLs.
4. Download applications directly from their official sites.

INCA Internet (Security Response Center / Emergency Response Team) provides detection and removal for the malicious files described above and operates a response system against various security threats.

document.exe : Trojan-Downloader/W32.FraudLoad.18432.AY
pusk.exe : Trojan/W32.Agent.510976.AB

9 comments:

  1. You should take a look at this info on analytical essays for some info on how to write one. I think that this could save you in the future.

  2. xender download
    xender apps
    xender web
    xender software
    This usually induces the user to pay for treatment by showing a fake Windows status of being infected by a malicious file.

  3. imo install
    imo beta
    imo messenger
    imo online
    This usually induces the user to pay for treatment by showing a fake Windows status of being infected by a malicious file.

  4. One of the most important concerns in home design is interior decoration, which covers several different areas. The Ivan Sabz interior design team, with several years of experience and an outstanding portfolio, is ready to provide consulting, design and execution of interior design. For more information, visit the Ivan Sabz website.

  5. Using up-to-date knowledge and its past experience, the Tahvieh Roya Novin Iranian company has been very successful in producing air-conditioning products and assembling cooling systems. Air conditioning is a branch of mechanical engineering, and its role is to create conditions in which people can feel comfortable in their working and living environment. In addition to its sales department, Tahvieh Roya Novin Iranian also employs expert and experienced engineers in its after-sales service department, so Tahvieh Novin Iranian approaches after-sales service with current knowledge in order to achieve full customer satisfaction in this area as well.

  6. One procedure for rejuvenating and beautifying the skin is fat injection, or lipo-injection, in which a specialist physician takes fat from tissues where it accumulates and injects it into areas such as the face, breasts, buttocks, thighs, arms and legs; in most cases it is performed on an outpatient basis with no need for hospitalization. For more information about this procedure, you can visit Dr. Mahdiani's website.
