Attention: German Users

Discussion in 'NOD32 version 2 Forum' started by Happy Bytes, Dec 2, 2005.

Thread Status:
Not open for further replies.
  1. Happy Bytes

    Happy Bytes Guest

    New telekom trojan spammed. Claims to be a telekom bill ("rechnung.pdf.exe") and has the PDF Type Icon. Executable is 11205 bytes in size and FSG packed. Tries to download an encrypted server list (rotating destinations) which are leading to "direct-point" IP addresses. The downloaded executable installs a rootkit type banker trojan - this is currently under analysis here.

    The Trojan was proactively detected as "a variant of Win32/TrojanDownloader.Agent.UF trojan"

    So please, you do not have a 300+ EUR phone bill, no need to read this :D
     
  2. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    well, heuristics save the day again, so no worry...but my question is...how dumb can u be to open a rechnung.pdf.exe file? :D
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    The average person does NOT look at the extensions, well not in my experience. Try a question like "I know you.pif" or "Is this you. whatever extension", I have personally seen individuals open both thinking it was someone sending them something. In one such case, they were concerned that this was indeed someone that they knew sending them something. Ol Nod sprung into action and frightened the hell out of both of them with a great big RED screen, followed by a high pitched arrrrgggghhhhh :D :D :D

    Or try the one flying through Messenger about two weeks ago from your friends, "Wow is this you?.exe", that then killed Norton after you executed it and sent out the same file to all your contacts. Given the right question we as humans forget curious and just click :rolleyes: ;) :D

    Cheers :D
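
Added example (not part of any post in this thread, and not ESET's detection logic): a mail-gateway style check for the file-name trick discussed in the posts above, where an executable such as rechnung.pdf.exe or "I know you.pif" poses as a document. The function name and both extension lists are assumptions made for this example, and the padding and right-to-left override cases go beyond the names quoted in the thread.

```python
import unicodedata

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "cpl", "vbs", "lnk"}
DECOY_EXTS = {"pdf", "doc", "xls", "txt", "jpg", "png", "gif", "zip"}

def check_attachment_name(name):
    """Return the reasons (possibly none) an attachment name looks deceptive."""
    reasons = []
    # Unicode format characters (category Cf, e.g. U+202E right-to-left
    # override) can make "fdp.exe" render as "exe.pdf"; flag and strip them.
    visible = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    if visible != name:
        reasons.append("format-control character in name")
    # Win32 drops trailing dots and spaces, so "x.exe. " is saved as "x.exe".
    cleaned = visible.rstrip(". ").lower()
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable extension ." + parts[-1])
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append("decoy extension ." + parts[-2])
    # A run of spaces pushes the real extension out of a narrow file-name column.
    if "   " in cleaned:
        reasons.append("padding spaces before the real extension")
    return reasons

# Names quoted in the thread plus constructed variants (marked as such).
SAMPLES = [
    "rechnung.pdf.exe",            # from the first post
    "I know you.pif",              # from Blackspear's post
    "Wow is this you?.exe",        # from Blackspear's post
    "rechnung.pdf",                # constructed: document extension only
    "rechnung.pdf      .exe",      # constructed: space padding
    "rechnung\u202efdp.exe",       # constructed: right-to-left override
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment_name(sample) or "ok")
```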
     
  4. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Yup, NOD's warning screen is the most frightening one I've ever seen - That's a good thing BTW :D
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Agreed, wouldn't want anything less, can NOT miss it :D

    Cheers :D
     