News
Contributed by: Aurelija Skurvydaite
Date: April 23, 2009
Yesterday we informed you about a whole bunch of spam campaigns ascribed to the famous Waledac botnet. Today I'd like to warn everybody against a new variant of the SMS Reader spam campaign, because spammers are not even considering the possibility of stopping or at least reducing their malicious activities.

This time cyber criminals are bombarding potential victims' computers with email messages written in Russian, claiming to present the most recent version of a program called SMS Reader V4.0. Similarly to the previous spam campaign, the senders of these emails prompt users to click on the provided link and download a free trial version of the program, which can purportedly download SMS messages to any mobile phone anonymously and automatically. Each message contains a URL link to what appears to be a randomly named executable file (e.g. gPGk8uD2UE.exe), which is hosted on Russian hosting servers. As the message itself is written in Russian, it seems to specifically target Russian-speaking users. However, I'd recommend that everybody be cautious of similar emails.

As you may already expect, as soon as you click on the executable file, it will download a file with a Trojan that will definitely infect your computer. The size of the file is 20454 bytes and it has MD5 104032f2a5789a2468fb47005ae256ee. As this spam campaign can have many different executable files, the size and MD5 of a given file may, of course, differ from the ones provided in this article.

The following table presents all possible alias names of the Trojan downloaded by the executable called gPGk8uD2UE.exe. Since this antivirus detection information was collected on the 16th of April, there may already be new variants of this malware that are not given in the table.

Table 1. Alias names of the Trojan

Security experts warn all users to stay alert and not to trust everything that they find in their inboxes. Spammers and other cyber-criminals are becoming more and more creative in their "advertising" schemes. We, simple users, need to be very careful and do our best to secure our computers if we don't want these criminals to gain benefits from their malicious activities. The best solution is of course to delete all unsolicited messages without even opening and reading them.