An email with a malicious attachment has been identified by ESET Ireland. The email pretends to be a “purchase order” confirmation email, but it has an archive file attached. The email reads:
Thank you for using our services!
Your order #91243513363 will be shipped on 05-09-2014.
Date: September 02, 2014. 10:30am
Payment method: Credit card
Transaction number: A67C195FE9
Please find the detailed information on your purchase in the attached file (order_2014-09-02_09-57-58_91243513363.arj)
The receiver of the email is usually alarmed about a “purchase” they never made and wants to investigate this further by having a closer look at the purchase’s “detailed information”, as mentioned in the email above.
The attachment, however, doesn’t offer any “information”. Instead it includes an executable file that contains a variant of the Trojan downloader Win32/TrojanDownloader.Elenoocka. Elenoocka is a Trojan that tries to download other malware from the Internet. It contains a list of 6 URLs and attempts to download several files from those particular addresses. The files can contain the Win32/Kryptik.CKEY Trojan, a member of the rather nasty family of Kryptik Trojans, all of which create malicious system files that hide deep inside your operating system. These files avoid detection and make your computer vulnerable to any sort of infection cybercriminals want to send your way.
A computer infected by a Trojan like this one can be used by cybercriminals as a part of a botnet, all without the owner ever knowing. The hackers can also use it for hacking attacks or the distribution of illegal content or spam.
ESET Ireland advises Irish computer users to avoid opening any unknown email attachments, particularly in emails like the one above that are specifically designed to play on and exploit people’s curiosity.
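The same advice can be enforced at a mail gateway. The sketch below is an added example, not ESET's code: it flags attachments like the one described above by checking the content's magic bytes rather than trusting the file name. The extension list, the addresses and the sample bytes are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

ARJ_MAGIC = b"\x60\xea"   # first two bytes of an ARJ archive header
# Assumed local policy: extensions a genuine order confirmation has no reason to use.
RISKY_EXTENSIONS = (".arj", ".exe", ".scr")
# ARJ stores member file names uncompressed and NUL-terminated in its headers,
# so an executable name is visible without unpacking (heuristic, not a full parser).
EXE_NAME = re.compile(rb"[\w.\- ]+\.(?:exe|scr|com|pif)\x00", re.IGNORECASE)

def triage_attachments(raw_message: bytes) -> list:
    """Return (filename, reasons) for every attachment that trips a check."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reasons = []
        if name.lower().endswith(RISKY_EXTENSIONS):
            reasons.append("risky extension")
        if data.startswith(ARJ_MAGIC):  # trust content, not the file name
            reasons.append("ARJ content")
            if EXE_NAME.search(data[:4096]):
                reasons.append("executable inside archive")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample(filename: str, content: bytes) -> bytes:
    """Constructed test message; addresses and bytes are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "orders@example.invalid", "user@example.invalid"
    m["Subject"] = "Purchase order"
    m.set_content("Please find the detailed information in the attached file")
    m.add_attachment(content, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed stand-in for an ARJ header: magic bytes plus a member name.
FAKE_ARJ = ARJ_MAGIC + b"\x00" * 32 + b"order.exe\x00" + b"\x00" * 16

if __name__ == "__main__":
    lure = build_sample("order_2014-09-02_09-57-58_91243513363.arj", FAKE_ARJ)
    for name, reasons in triage_attachments(lure):
        print(name, "->", ", ".join(reasons))
```

Because the check reads the content, the same archive renamed to a harmless-looking extension is still reported as ARJ content.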
Stay informed about the latest threats by following our blog: eset.ie/blog.
About ESET Ireland
ESET Ireland will keep your hardware and software performing as it should. The company has hundreds of people around the world working hard every day so customers’ computers, tablets, smartphones and servers are properly protected. All with minimal impact on their performance.