Was just sitting watching South Park when I noticed a couple of emails had hit my inbox. I knew they were there, because the new mail icon was up, but they took some finding because they were misdated.
Anyway, what's interesting about these emails is they seem to be concerted efforts to get Air America listeners to download a trojan.
The first email had the subject line: Please download this file! ( From Air America Place Forums )
The body of the email said:
Please download and execute this file: traffweb.biz/dl/loadadv781.exe
This is very important patch for Windows!
Obviously, that's untrue. I've been online since 1995, so I know a clumsy virus effort when I see one, and this is one of the clumsiest. But it doesn't seem to be a one-off, as the second new email, received just minutes later, read:
Subject: Please, help our forum ( From Air America Place Forums )
Body: Air America Place Forums
Please, help our forum - traffmoney.biz/dl/loadadv606.exe .
Thank you.
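Both messages share the same shape: a subject that claims to come from the forum, a bare link to an .exe on an unrelated domain, and a one-line reason to run it. That pattern is easy to screen for before a message ever reaches a reader. The following is an added example, not anything from the original post or from the forum's software; it assumes a placeholder trusted host (forum.example) standing in for the forum's real domain, which the post does not name, and the sample messages are constructed from the two emails quoted above plus one benign digest for contrast.

```python
import re
from dataclasses import dataclass, field
from typing import List, Set

# Extensions that run as code when double-clicked on Windows. Assumption: this
# short list is enough for a first-pass mail filter; it is not exhaustive.
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".msi")

# Matches a bare or schemed host plus optional path, enough to pull
# "traffweb.biz/dl/loadadv781.exe" out of plain text.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s<>\"']*)?", re.IGNORECASE)

# Phrases lifted from the two messages quoted in the post.
LURE_PHRASES = ("download and execute", "important patch", "help our forum", "download this file")


@dataclass
class Verdict:
    urls: List[str] = field(default_factory=list)
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def extract_urls(text: str) -> List[str]:
    # Strip trailing sentence punctuation that the regex may have swallowed.
    return [m.group(0).rstrip(".,)") for m in URL_RE.finditer(text)]


def host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url, flags=re.IGNORECASE).split("/")[0].lower()


def assess(subject: str, body: str, trusted_hosts: Set[str]) -> Verdict:
    """Score one message: executable links, off-domain links, and lure wording."""
    v = Verdict(urls=extract_urls(body))
    text = f"{subject}\n{body}".lower()
    for url in v.urls:
        path = url.split("?")[0].lower()
        if path.endswith(EXEC_EXTENSIONS):
            v.reasons.append(f"link to executable: {url}")
        if trusted_hosts and host_of(url) not in trusted_hosts:
            v.reasons.append(f"link host outside trusted set: {host_of(url)}")
    for phrase in LURE_PHRASES:
        if phrase in text:
            v.reasons.append(f"lure phrase: {phrase!r}")
    return v


# Constructed samples: the first two reproduce the messages quoted in the post,
# the third is a benign digest invented here for contrast.
SAMPLES = [
    ("Please download this file! ( From Air America Place Forums )",
     "Please download and execute this file: traffweb.biz/dl/loadadv781.exe\n"
     "This is very important patch for Windows!"),
    ("Please, help our forum ( From Air America Place Forums )",
     "Air America Place Forums\nPlease, help our forum - traffmoney.biz/dl/loadadv606.exe .\nThank you."),
    ("Weekly digest ( From Air America Place Forums )",
     "New threads this week: forum.example/threads/123"),
]

# Assumption: forum.example stands in for the forum's real host, which the post does not name.
TRUSTED_HOSTS = {"forum.example"}


def screen_samples() -> List[Verdict]:
    return [assess(subject, body, TRUSTED_HOSTS) for subject, body in SAMPLES]


if __name__ == "__main__":
    for (subject, _), verdict in zip(SAMPLES, screen_samples()):
        print("SUSPICIOUS" if verdict.suspicious else "ok", "|", subject)
        for reason in verdict.reasons:
            print("   -", reason)
```

Run as a script it prints a verdict per sample; the two lures are flagged on all three counts (executable link, host outside the trusted set, lure wording) while the digest passes. The host check is the one that survives a change of wording: a forum that only ever links to its own domain has no business sending an .exe from anywhere else.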
I looked up that filename and found the following threat report:
Threat: TrojanDownloader.loadadv
Threat type: Trojan Downloader
Advice: Remove
Threat risk: Severe Risk
Severe risk threats are typically installed without user interaction through security exploits, and may allow an attacker to remotely control the infected machine. Such threats may allow the attacker to install additional malware and use the compromised machine to participate in denial of service attacks, spamming, and bot nets, or to transmit sensitive data to a remote server. The malware may be cloaked and not visible to the user. These threats severely compromise the system by lowering security settings, installing "backdoors," infecting system files, or spreading to other networked machines.
Description: TrojanDownloader.loadadv is a group of files that download other malware and/or adware without notice or consent.
TrojanDownloader.loadadv is typically downloaded through a security hole or through social engineering.
So who is sending Air America listeners trojan files, and why? Is this a random fluke, or part of a deliberate move by some organized body?
Either way, if you get one, delete it. DO NOT OPEN THE FILE.