New trojan spam tells you where to download trojan as "MS beta antispy"

Discussion in 'Computer Support' started by Joel Rubin, Mar 6, 2005.

  1. Joel Rubin

    Joel Rubin Guest

    If you get a spam "from Microsoft" inviting you to download the beta
    anti-spyware program from some place like

    http://microsoft-download.pisem.net/download/8/9/1/891b30ee-2185-4ac9-ac0a-50512c6de0f9/Windows-KB890830-ENG.exe

    well, it was only 25K bytes so I did download it, but not run it. My
    antivirus didn't find anything but Kaspersky.com's online scan found

    Trojan-Downloader.Win32.Delf.iu

    When I examined it with a file viewer it was UPX compressed but in a
    way so that UPX wouldn't decompress it. I suppose someone who doesn't
    want to be reverse engineered could do that but I think 90+% of the
    time that's an indicator of malware.
     
    Joel Rubin, Mar 6, 2005
    #1
    1. Advertisements

  2. What's "[your] antivirus"?
     
    Blinky the Shark, Mar 7, 2005
    #2
    1. Advertisements

  3. Joel Rubin

    Mack Guest

    "Actually servers in the U.S. do a pretty good job
    of screening some viruses, trojans, and worms. However,
    I use a server in S. Africa which absolutely has every worm, virus, trojan,
    Pfish etc. represented. One recurring is from "Microsoft"
    and looks very legitimate; click on the attachment and
    your computer is history. Replete with MS logos etc.,
    and looks very authentic. Been there for at least two
    years. I would never download anything with and
    attachment purporting to be from MS. I would go
    to the MS site first.
     
    Mack, Mar 7, 2005
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.