Friday, 2 September 2011

Increase in malicious spam



Rodel Mendrez from M86 Security Labs has written an excellent post on the massive rise in malicious spam:

http://labs.m86security.com/2011/08/massive-rise-in-malicious-spam/





As he notes in his conclusion, "It seems spammers have returned from a holiday break and are enthusiastically back to work."





So I decided to check whether I had received some spam as well. Jackpot ;-)!






Screenshots of the spam messages (subject lines):

UPS notification

Re: End of July Statement Required

Your credit card has been blocked

ACH Transfer Review

Most of the attached files display a Word or PDF icon to trick the user into opening them. The double extension in a name such as MasterCard_invoce_ID73284783275943.doc.exe serves the same purpose: Windows hides known extensions by default, so the file shows up as a ".doc" while it is really an executable.

Some examples of attachments, with their respective VirusTotal results:



Invoice_08.17.2011_Collcod.exe

MD5: cf0397bb622e4ed9dfdeb07fcbfa9687

VirusTotal Report



MasterCard_invoce_ID73284783275943.doc.exe

MD5: 0b7eba77dd4bcea3c670c4a664e98778

VirusTotal Report



UPS_Document.exe

MD5: 17f9148b130a94ab1f50030ebbf2415a

VirusTotal Report



form-62091.exe

MD5: e18d8cb2a4264a3c559d7967b3c6ab99

VirusTotal Report
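As an added example (not part of the original post), the checks below turn the two observations above, executables dressed up as documents and the MD5 hashes listed, into a small Python triage routine. The hash table is taken from this post; the sample attachments are constructed stand-ins (a bare PE header, a benign PDF) rather than the real malware, so their hashes are not expected to match the list, and the magic-byte table is a simple heuristic I assumed for the formats the lures claim to be.

```python
import hashlib
import os

# Indicators taken from the blog post above (MD5 of the spam attachments).
KNOWN_BAD_MD5 = {
    "cf0397bb622e4ed9dfdeb07fcbfa9687": "Invoice_08.17.2011_Collcod.exe",
    "0b7eba77dd4bcea3c670c4a664e98778": "MasterCard_invoce_ID73284783275943.doc.exe",
    "17f9148b130a94ab1f50030ebbf2415a": "UPS_Document.exe",
    "e18d8cb2a4264a3c559d7967b3c6ab99": "form-62091.exe",
    "27077c2058983bb76bd09cdad69f7bde": "pusk3.exe",
}

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".xls", ".rtf", ".txt"}

# Assumed magic bytes for the formats the lures claim to be (heuristic, not exhaustive).
MAGIC = {
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",   # OLE2 compound file
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",                         # OOXML is a zip container
}


def split_extensions(name):
    """Return every extension of a filename, lowercased: 'a.doc.exe' -> ['.doc', '.exe']."""
    exts = []
    base = name
    while True:
        base, ext = os.path.splitext(base)
        if not ext:
            break
        exts.insert(0, ext.lower())
    return exts


def triage_attachment(name, data):
    """Return a list of human-readable findings for an attachment name and its raw bytes."""
    findings = []
    exts = split_extensions(name)
    last = exts[-1] if exts else ""

    # 1. The final extension decides what Windows will do with the file.
    if last in EXECUTABLE_EXTS:
        findings.append("executable attachment")

    # 2. Double extension: a document extension hidden in front of an executable one.
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
        findings.append("double extension: looks like %s but runs as %s" % (exts[-2], last))

    # 3. Content check: a PE image ('MZ') under a non-executable name.
    if data[:2] == b"MZ" and last not in EXECUTABLE_EXTS:
        findings.append("PE header with non-executable extension %s" % (last or "(none)"))

    # 4. Content check: does the file start the way its claimed format should?
    expected = MAGIC.get(last)
    if expected and not data.startswith(expected):
        findings.append("content does not match claimed %s format" % last)

    # 5. Exact-match lookup against the hashes published in the post.
    md5 = hashlib.md5(data).hexdigest()
    if md5 in KNOWN_BAD_MD5:
        findings.append("MD5 matches known sample %s" % KNOWN_BAD_MD5[md5])

    return findings


# Constructed sample attachments (not the real malware): name -> bytes.
SAMPLES = {
    # Double-extension lure carrying a PE header.
    "MasterCard_invoce_ID73284783275943.doc.exe": b"MZ\x90\x00" + b"\x00" * 60,
    # PE image renamed to a plain .pdf.
    "UPS_Document.pdf": b"MZ\x90\x00" + b"\x00" * 60,
    # Benign PDF for comparison.
    "statement.pdf": b"%PDF-1.4\n%constructed benign test document\n",
}


def triage_all(samples=SAMPLES):
    """Run triage over every sample and return {name: findings}."""
    return {name: triage_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, findings in triage_all().items():
        print(name, "->", findings or ["no findings"])
```

The hash lookup only catches the exact samples from the post; a repacked variant has a different MD5 (and MD5 itself is only suitable for matching known files, not for anything adversarial). The extension and magic-byte checks are what catch the disguise generically, which is why they come first.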



Opening any of these files can leave you with rogueware (fake security software).

One example of rogueware I got was "System Repair":



System Repair rogueware



The dropped file that launches the rogueware:



pusk3.exe

MD5: 27077c2058983bb76bd09cdad69f7bde

Detection: 36/44 (81.8%)

VirusTotal Report

ThreatExpert Report

Anubis Report







Conclusion

The conclusion is simple: do not open attachments from unknown senders, and treat unexpected "invoice", "statement" or delivery notifications with the same suspicion even when they carry a familiar brand name such as UPS or MasterCard. An attachment that ends in .exe, or shows a document icon but has a double extension like .doc.exe, is a giveaway.

If you happen to be infected with System Repair, you can use, for example, the removal guide on BleepingComputer:

http://www.bleepingcomputer.com/virus-removal/remove-system-repair

