“Live as if you were to die tomorrow.
Learn as if you were to live forever.”
by Gandhi (1869 - 1948)
Most Read Posts
Categories
Pages
Recent Posts
Archives
Recommended
Trend Micro Internet Security Pro

Norton 360 Version 2.0

Kaspersky Internet Security 2009

Sony Vegas Movie Studio 9 Platinum Pro Pack

Archive for September 8th, 2008

New Trojan Discovered!

Monday, September 8th, 2008

There are some days that I am just so happy to be doing the work I do. And today is one of those days!

Last week I received an odd e-mail that was obviously spam, but seemed to contain malware. And of course, I was disturbed because my Trend Micro Internet Security Pro did not catch it. While I did a bit of analysis on my own, it did indeed seem to contain the makings of malware - not that the fact that it was an executable (exe) might have something to do with it too!

So, following our procedures for submission, I submitted the file to Trend’s virus engineers and I just received this e-mail back from them.

New Trojan Downloader HR

New Trojan Downloader HR

The name of the Trojan is TROJ_DLOADR.HR - short form for Trojan, Downloader, variation HR.

And in keeping with my pledge to expose people who are either running botnets unknowingly or expose those who would willingly send out malcode, here’s the e-mail I received and the headers from that e-mail.

The Original E-mail

The Original E-mail

(Click to view larger image)

You will notice that first of all, this is a very bizarre e-mail address as the sender and the mail to is not a legitimate MICE e-mail address to begin with.  And there is nothing going on at MICE that required an Attorney to look over our contract. (We have two law firms we conduct business with and neither are at this address!)

So, looking at the headers I can see that this is coming from one specific IP address. Doesn’t appear to be a botnet, but I may be wrong. But from the headers, it seems to me that this e-mail originated from and was sent from this address. Perhaps this person is infected?

E-mail Headers showing IP Address

E-mail Headers showing IP Address

(Click to view larger image)

So, once again I go off to the Whatismyipaddress.com website (Gosh, I LOVE THEM!)

IP Address pointing to RoadRunner ISP

IP Address pointing to RoadRunner ISP

So, if you know of someone in that area (Washington State), or you are RoadRunner and you know who has the IP address of: 76.182.157.26, you need to contact them and tell them they are infected!

Not sure if it’s you or not? Go to WhatismyIPaddress.com and they will tell you immediately on the home page - the minute you get there.

So today my job is worthwhile. I found a new Trojan!

And since our press release called me “The Lone Ranger” of PC Security, I guess I will ride another day!

Hi Ho, Trend MIcro! Away!



bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark

Share This Post

Tags: , , , , , , , , , , , , , , ,
Posted in Security | No Comments »

Subscribe!

Subscribe in a reader

60 Subscribed Users

Enter your email address:

Delivered by FeedBurner


TwitterCounter for @debbiemahler

Ajax CommentLuv Enabled d194dbe5cf4396d6a27ff92eed5d3bb6

Chat with Debbie
MICE Critical Alert!
Phone number

Carrier

*Standard text messaging rates may apply from your carrier*
Favorite Blogs
Tech
Personal Sites
Our Clients
Recent Comments
Meta