Home / mailings WSLabs, Malicious Website / Malicious Code: Department of Treasury Trojan Horse
Posted on 13 December 2007
Websense Security LabWebsense® Security Labs(TM) has discovered a new email attack that uses a spoofed email claiming to be from the United States Department of Treasury. This is similar to previous attacks claiming to originate from the IRS, Better Business Bureau, and Department of Justice. We have been tracking all of these attacks, and reporting them as they are discovered.
The message claims that a complaint to the Department of Treasury has been filed against the recipient's company. The email informs the reader that a copy of the original complaint has been attached to the email.
The attached "complaint" is a Trojan downloader with some backdoor capabilities. It is a ".pif" file with an MD5 of 9e19d23f27ebf9cfe1b9103066a3019e. It appears, however, that different versions of the Trojan are sent, based on the targeted recipient or company.
Websense Security customers are protected from this threat.
Email screenshot available within full alert.
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=830