Home / mailings WSLabs, Malicious Website / Malicious Code: National Payroll Reporting Consortium Trojan Horse
Posted on 08 January 2008
Websense Security LabWebsense(R) Security Labs(TM) has discovered a new email attack that uses a spoofed email claiming to be from the National Payroll Reporting Consortium (NPRC). This is similar to previous attacks claiming to originate from the IRS, Better Business Bureau, and Department of Justice. We have been tracking all of these attacks, and reporting them as they are discovered.
The message claims that the recipient's company has made numerous misrepresentations regarding worker classification to lower compensation costs. The email asks the recipient to fill in an attached form and fax it to NPRC's fraud department in order to resolve the issue.
The attachment is a Trojan downloader with some backdoor capabilities. It is a malicious Windows executable file with an MD5 of 854e259c7c0ac6fb2a26963a9d77600d.
Websense Security customers are protected from this threat. At time of writing, only 1 anti-virus vendor has detected this malicious code.
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=835
