It seems that this hacker is pretty active, the Trojan tries to update itself, and then downloads some SSL v.2 crypted packages, which seem to be the message body and e-mail addresses. Today we have intercepted phishing being sent out, and right now it is sending spam. Can you guess what it is about? Yes, you are right, it's Viagra:
We can find some text hidden in the e-mail in order to avoid antispam filters. The following text belongs to one of the messages:
Korea's development of nuclear weapons.
weapons programs and rejoin the international
he standoff over North Korea's nuclear weapons
boycott.
involving China, Japan, Russia, the two Koreas and the
Bush said the United States will remain a reliable
partner in liberalizing trade, confronting North Korea's
midterm elections to anti-war, anti-free trade
in Singapore
laundering.
Asia will not diminish.
good of their people, is to abandon its nuclear
The six-nation talks stalled a year ago when North
weapons programs and rejoin the international
partner in liberalizing trade, confronting North Korea's
The information about the Trojan can be found here.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
