Thursday, 4 June 2015

Security Warning - A trojan is being emailed directly to Irish businesses



ESET Ireland warns of an email, titled “Important – To all Employee’s”, which has an infected attachment that contains a trojan

The email has been observed to come from an Irish email address and targets other Irish email addresses. The title “Important – To all Employee’s” (spelling error included) prompts receivers to open an archived attachment titled Document.zip. Within the archive file is an executable file called Document_2520.exe, which, if clicked, infects the victim’s computer with malware that ESET detects as Win32/Kryptik.DJUM.

Win32/Kryptik is a generic detection of malicious obfuscated code within files in PE32 (Portable Executable, 32-bit) format, which is most active in infecting computers in the UK and Ireland. This particular one likely contains Win32/TrojanDownloader.Waski, observed since 2013, which downloads a range of additional malware to an infected computer. Basically, once you’ve got one, you’ll soon have many more…

Infections like these count on computer users to just open anything they receive without thinking. ESET Ireland therefore recommends checking who any email is from, before opening any attachments, to make sure the content is legitimate. Executable files (.exe) should particularly ring alarm bells when received and should be checked by an antivirus scanner or just deleted, before they can deliver their malicious payload.
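As an added illustration (not ESET's code or part of the original warning), the following Python sketch shows how a mail filter or analyst could check a zipped attachment for executables without extracting or running anything. The extension list, function names and sample archive are assumptions made for this example; the sample contains a constructed header stub, not real malware.

```python
import io
import struct
import zipfile

RISKY_EXTENSIONS = (".exe", ".scr", ".com", ".pif")  # assumed policy list


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header that points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def flag_executables(zip_bytes: bytes, max_read: int = 4096):
    """Return [(member_name, [reasons])] for archive members that look executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            reasons = []
            if info.filename.lower().endswith(RISKY_EXTENSIONS):
                reasons.append("executable extension")
            with archive.open(info) as member:
                head = member.read(max_read)  # read the header only, never execute
            if looks_like_pe(head):
                reasons.append("PE header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: a fake PE stub, not real malware."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Document_2520.exe", bytes(stub))
        archive.writestr("notes.txt", "plain text")
        archive.writestr("report.pdf", bytes(stub))  # PE content, misleading name
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in flag_executables(build_sample_zip()):
        print(f"{name}: {', '.join(reasons)}")
```

Checking the file header as well as the name catches an executable that has been given a harmless-looking extension, which a filename check alone would miss.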

Screenshots of the malware are available at our blog.

Stay up to date with the latest threats by reading the ESET blog or following them on Facebook or Twitter.