Cyber criminals disguise spam as concrete job offers Holzwickede, 09 March 2010 an old friend makes in the world of E-threats again stir. BitDefender security experts registered infections recently increased by Win32.Worm.Mabezat.J. It spreads via English-language spam messages containing a file infected with the worm winmail.dat in the annex. The latest trick: The mails were disguised as concrete job offers by cybercriminals. The still difficult economic situation remains a popular attraction for spam attacks. In particular the currently high rate of unemployment and the hope of many Beschaftigungsloser on new work will be exploited.
So fake job offers new methods include the malware authors, to bring their infected messages to the user. The E-mails written in English are titled with subject lines such as: “Web designer vacancy”, “new work for you”, “Welcome to your new work”, or “We are hiring you”. The mail contains a seemingly rather than a concrete job offer harmless attachment named winmail.dat. The user is asked to unpack this file. The prompt to open a Word document with the title then appears Readme.doc.
This however proves itself an executable file that is infected with Win32.Worm.Mabezat.J. Once opened, the alleged Readme file using Windows Explorer creates its own directory, which contains the worm. This creates an entry in the autorun.inf then”including a new file with the name zPharaoh.exe. It is a copy of the worm. Particularly worrying is the fact that Win32.Worm.Mabezat.J in the situation is to replace the first 1768 bytes of an exe file with its own encrypted code, rather than to attach themselves like other pests. The worm infects the PC then every time, once such a file is executed. Examples are Windows Media Player, as well as some binary files in Outlook Express. Independent distribution via bulk-spam the Mabezat family is extremely dangerous: in addition to the infestation of Variants of the worm collect addresses from a variety of file formats binary and the destruction of system files. After the worm has created an email list, it uses its own SMTP engine, via mass mails itself to spread. To protect themselves from such attack, BitDefender recommends downloading and the installation of a complete anti-malware suite with antivirus, antispam, antiphishing and firewall protection. PC users should also refrain from to open files from unknown senders in their emails or to enable suspicious-looking links. Under the link quickscan.bitdefender.com to users a free malware scan perform, to make sure that Mabezat is not already on your computer. More at. About BitDefender BitDefender is software developer, one of the industry’s fastest and most efficient product lines internationally certified security software. Since the founding of the company in 2001, BitDefender has new standards in the field of proactive Set protection against threats from the Internet. Every day, BitDefender protects tens of millions of private and business customers around the world and gives them the good feeling that your digital life is safe. BitDefender sells its security solutions in more than 100 countries through a global VAD and reseller network. More detailed information about BitDefender and BitDefender products are available in the press centre online. In addition, BitDefender provides background information and current news in the daily fight against threats from the Internet, in English at. Press contact: BitDefender GmbH Robert-Bosch-str. 2 D-59439 Holzwickede contact person: Hans-Peter Lange PR Manager Tel.: + 49 (0) 2301 9184-330 fax: + 49 (0) 2301 9184-499 email: PR Agency: Sprengel & Partner GmbH nesting first race 3 D-56472 Nisterau contact: Fabian Sprengel Tel.: + 49 (0) 2661 91260-0 E-Mail: