Malware being spammed as PDF from retail stores

Reports surfaced today of spam purporting to be from Dell, Walmart, Circuit City or Sony confirming an order for a Sony Vaio computer with a PDF attachment, but the attachment is, in fact, a very nasty piece of malware named Haxdoor.

The supposed PDF attachment is really an executable named 37679041.exe, which is detected by AV vendors by various names. Kaspersky named it Backdoor.Win32.Haxdoor.lf. Symantec detects it as Backdoor.Haxdoor.R and others are calling it a variant of Goldun. Whatever you call it, it's quite an evil piece of malware. Haxdoor typically uses rootkit technology to mask itself. Haxdoor is known to steal passwords, give a remote attacker access to the machine, may display advertising and often makes changes to the registry that lower system security. Some variants also disable software firewalls and anti-virus apps. Malware being spammed as PDF from retail stores | Spyware Confidential |

Linked by shanmuga Wednesday, 11th October 2006 3:11AM