Websense® Security Labs™ has discovered a new Trojan Horse / DNS

October 2007 by Websense

Websense® Security Labs™ has discovered a new Trojan Horse / DNS redirector being distributed via email with URL lures. The email message, which is in HTML and written in Spanish, attempts to lure users into clicking a link in order to join the Samsung Fan Club.

The subject roughly translates to: "Get more for less" (screenshot below).

If users click the URL, they are directed to a compromised website that is hosted in Texas and was up at the time of the alert. The site contains no exploit code but hosts a Trojan Horse with the filename "SAMSUNG.EXE" and an MD5 of <892d9d19859a13cb3f453da446d1d538>.

When run, the file modifies several Windows components, including the hosts file, and opens Internet Explorer to both the real Samsung Mexico website and an adult entertainment website. At the time of testing, the file also had *very* low detection rates from anti-virus signatures.
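Because the Trojan acts as a DNS redirector by changing the hosts file, a quick triage step on a suspect machine is to list every hosts entry that overrides normal name resolution. The following is an added example, not Websense code: the function name `audit_hosts`, the verdict labels and the sample file contents are constructed for illustration and do not reproduce the entries this Trojan writes.

```python
import ipaddress

# Constructed sample, not taken from the Trojan described above.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1     localhost
::1           localhost
203.0.113.10  www.bank.example login.bank.example  # not a default entry
0.0.0.0       update.av.example
not-an-ip     portal.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every entry that
    overrides normal DNS resolution. Default localhost entries are skipped."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(entry) < 2:
            continue                               # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings += [(line_no, address, n.lower(), "malformed") for n in names]
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name == "localhost" and ip.is_loopback:
                continue                           # expected default mapping
            # Loopback/unspecified targets make a name unreachable; any other
            # address silently sends the user to a host of someone's choosing.
            verdict = "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"
            findings.append((line_no, str(ip), name, verdict))
    return findings

if __name__ == "__main__":
    # On a live Windows host, read C:\Windows\System32\drivers\etc\hosts instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Any "redirect" verdict on a machine whose hosts file is not centrally managed deserves a comparison against a known-good baseline before the entry is removed.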



