15 January 2004

Warning! TrojanDownloader.Win32.Small.cz - downloads an Internet worm

This is a Trojan horse that downloads an Internet worm. It is about 2 KB in size (UPX-compressed; about 13 KB once unpacked). The malware is distributed in e-mail messages.

Distribution of the Trojan began on 15 January 2004 using spam techniques.

Infected messages have the following fields:

  • From:
    do_not_reply@paypal.com
  • Date sent: 15 January 2004, 3:08

  • Subject:
    PAYPAL.COM NEW YEAR OFFER
  • Body:
    ** GREAT NEW YEAR OFFER FROM PAYPAL.COM **
    
    Dear PayPal.com Member,
    
    We here at PayPal.com are pleased to 
    announce that we have a special New 
    Year offer for you! If you currently 
    have an account with PayPal then you 
    will be eligible to receive a terrific
    prize from PayPal.com for the New Year. 
    For a limited time only PayPal is 
    offering to add 10 percent of the total 
    balance in your PayPal account to your 
    account and all you have to do is register 
    yourself within the next five business 
    days with our application (see attachment)! 
    
    If at this time you do not have a PayPal 
    account of your own you can also register 
    yourself with our secure application and 
    get this great New Year bonus! If you fill 
    out the secure form we have provided 
    PayPal will create an account for you 
    (it's free) and you will receive a 
    confirmation e-mail that your account has 
    been created. 
    
    That's not all! If you resend this letter 
    (with its attachment) to all of your 
    friends you may be eligible to receive 
    another New Year bonus because the 1000 
    PayPal members that send the most of 
    these to their friends will get the bonus. 
    If you are one of these 1000 lucky members 
    then PayPal will add 17 percent of your 
    total balance to your account! 
    
    Registration is simple. Just unpack the 
    attachment with WinZip, run the 
    application, and follow the instructions 
    we have provided. If you have problems 
    opening the application then you may want 
    to try downloading a free version of 
    WinZip from http://www.winzip.com 
    
    Do not miss your chance at this fantastic 
    opportunity! Thousands of our current 
    customers have already received their 
    prizes and now it's your turn; so hurry 
    up and take advantage of this special offer! 
    
    Best of luck in the New Year,
    PayPal.com Team
    
  • Attachment name: paypal.exe.

When run, the Trojan downloads the Mimail.p Internet worm (Kaspersky Anti-Virus has detected this malware since 7 January 2003) from a website. Before it is executed, the worm is saved to the file c:\tmp.exe.
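
As an added example (not part of the original advisory), the Python code below checks a raw message against the three fields listed above: sender, subject and attachment name. The function names are hypothetical, the sample messages are constructed, and looking inside ZIP attachments is an assumption based on the lure's instruction to unpack the attachment with WinZip.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators copied from the advisory's list of message fields.
SENDER = "do_not_reply@paypal.com"
SUBJECT = "PAYPAL.COM NEW YEAR OFFER"
ATTACHMENT = "paypal.exe"

def executable_names(msg):
    """Lower-cased names of .exe attachments, including members of ZIP attachments."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".exe"):
            found.append(name)
        elif name.endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                    found += [n.lower() for n in zf.namelist()
                              if n.lower().endswith(".exe")]
            except zipfile.BadZipFile:
                pass  # corrupt archive: nothing to list
    return found

def matched_indicators(raw):
    """Return which of the three advisory indicators a raw message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SENDER in str(msg.get("From", "")).lower():
        hits.append("sender")
    if str(msg.get("Subject", "")).strip().upper() == SUBJECT:
        hits.append("subject")
    if any(n.rsplit("/", 1)[-1] == ATTACHMENT for n in executable_names(msg)):
        hits.append("attachment")
    return hits

def build_sample(subject, filename, payload):
    """Build a constructed test message (not a captured sample of the real spam)."""
    m = EmailMessage()
    m["From"] = "PayPal <do_not_reply@paypal.com>"
    m["Subject"] = subject
    m.set_content("constructed body")
    m.add_attachment(payload, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(matched_indicators(build_sample(SUBJECT, ATTACHMENT, b"MZ constructed")))
```

A message matching all three indicators is a strong candidate for quarantine; the sender address alone is weak evidence, because the same address can appear on unrelated mail.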