Sep 08

There are some days that I am just so happy to be doing the work I do. And today is one of those days!

Last week I received an odd e-mail that was obviously spam, but seemed to contain malware. And of course, I was disturbed because my Trend Micro Internet Security Pro did not catch it. While I did a bit of analysis on my own, it did indeed seem to contain the makings of malware - not that the fact that it was an executable (exe) might have something to do with it too!

So, following our procedures for submission, I submitted the file to Trend’s virus engineers and I just received this e-mail back from them.

New Trojan Downloader HR

The name of the Trojan is TROJ_DLOADR.HR - short form for Trojan, Downloader, variation HR.

And in keeping with my pledge to expose people who are either running botnets unknowingly or expose those who would willingly send out malcode, here’s the e-mail I received and the headers from that e-mail.

The Original E-mail

You will notice that first of all, this is a very bizarre e-mail address as the sender and the mail to is not a legitimate MICE e-mail address to begin with. And there is nothing going on at MICE that required an Attorney to look over our contract. (We have two law firms we conduct business with and neither is at this address!)

So, looking at the headers I can see that this is coming from one specific IP address. Doesn’t appear to be a botnet, but I may be wrong. But from the headers, it seems to me that this e-mail originated from and was sent from this address. Perhaps this person is infected?
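One way to script the header check described above, as an added example that is not part of the original post: it reads the Received chain newest-first and reports the IP recorded by the recipient's own mail server, because lines below that hop are written on the sender's side and can be forged. The sample message, the host names and the `trusted_mtas` parameter are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not the headers from the post). IPs come from the
# RFC 5737 documentation ranges; every host name is hypothetical.
SAMPLE = """\
Received: from homepc (cpe-26.isp.example [203.0.113.26])
\tby mail.recipient.example with ESMTP id abc123;
\tMon, 1 Jan 2024 09:14:02 +0000
Received: from mail.lawfirm.example ([192.0.2.99]) by homepc;
\tMon, 1 Jan 2024 09:13:00 +0000
From: "Attorney" <someone@example.net>
Subject: Contract

body
"""

FROM_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)

def parse_hops(raw):
    """Return [(by_host, peer_ip or None), ...], newest hop first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY_HOST.search(flat)
        src = flat.split(" by ")[0] if flat.lower().startswith("from ") else ""
        ip = None
        for cand in FROM_IP.findall(src):
            try:
                ip = str(ipaddress.ip_address(cand))
                break
            except ValueError:
                continue  # bracketed text that is not an IP literal
        hops.append((by.group(1).lower() if by else None, ip))
    return hops

def trusted_origin(raw, trusted_mtas):
    """Return (IP that connected to our servers, unverified hops below it)."""
    hops = parse_hops(raw)
    boundary = None
    for i, (by, _ip) in enumerate(hops):
        if by not in trusted_mtas:
            break  # first line not written by a server we control
        boundary = i
    if boundary is None:
        return None, hops  # nothing in the chain can be trusted
    return hops[boundary][1], hops[boundary + 1:]
```

Calling `trusted_origin(SAMPLE, {"mail.recipient.example"})` yields the connecting address and lists the lower hop separately as unverified.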

E-mail Headers showing IP Address

So, once again I go off to the Whatismyipaddress.com website (Gosh, I LOVE THEM!)

IP Address pointing to RoadRunner ISP

So, if you know of someone in that area (Washington State), or you are RoadRunner and you know who has the IP address of: 76.182.157.26, you need to contact them and tell them they are infected!

Not sure if it’s you or not? Go to WhatismyIPaddress.com and they will tell you immediately on the home page - the minute you get there.

So today my job is worthwhile. I found a new Trojan!

And since our press release called me “The Lone Ranger” of PC Security, I guess I will ride another day!

Hi Ho, Trend Micro! Away!



written by Admin
© 2007-2008 MICE Training & Technology™.