WEEKLY REVIEW

[Malware Review] Trojan Sasfis.A aims at Facebook users

Email attachments containing viruses or Trojans are pretty rare these days, but they haven

The Trojan comes attached to an email message that claims to come from Facebook. The spam message tells the user that the popular platform has updated its Terms of Service (included in the attachment) and that every active subscriber must review and accept it, or their access will be restricted. This is a typical scenario that relies on the victims' fear of being restricted or prosecuted unless they comply with the request.

However, the attached zip archive only contains a binary file called agreement.exe, which is infected with Trojan.Sasfis.A. The 20-kilobyte file is a dropper, which means that it only downloads a DLL file from the web and copies it to either %USERPROFILE%\Local Settings\Temp\[random digits].tmp or %SYSTEM%\ifmq.kqo. If the infected system has Microsoft Office installed, the malware attempts to run a Visual Basic script through OLE automation in the context of MS Word's process.
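The two places a defender can catch this campaign are the mail gateway (an archive attachment that carries an executable) and the host (a PE file written under the drop locations named above). The following script is an added example, not code from Bitdefender or from the original article: it builds a constructed zip attachment in memory, flags archive members that are executable by extension or by the PE "MZ" magic (so a renamed .exe is still caught), and then scans a constructed directory layout for the indicators the write-up describes: a PE file saved as a .tmp under Local Settings\Temp, or a file named ifmq.kqo in the system directory. The sample bytes, file names other than agreement.exe and ifmq.kqo, and the directory layout are all constructed for the demo.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Extensions a mail gateway should treat as executable content (assumption:
# a typical block list, not one taken from the article).
EXECUTABLE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def build_sample_attachment() -> bytes:
    """Constructed sample: a zip holding a fake agreement.exe that starts with
    the PE 'MZ' magic, plus a harmless text file. Not the real Sasfis sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agreement.exe", b"MZ" + b"\x00" * 62 + b"fake PE body for demo")
        zf.writestr("terms.txt", b"Plain text, not executable.")
    return buf.getvalue()


def inspect_zip_attachment(data: bytes) -> list[str]:
    """Return one finding per archive member that is executable by name or by
    content. Checking the first two bytes catches an .exe renamed to .pdf."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            ext = Path(name).suffix.lower()
            with zf.open(info) as member:
                head = member.read(2)
            if ext in EXECUTABLE_EXTENSIONS:
                findings.append(f"{name}: executable extension {ext}")
            if head == b"MZ":
                findings.append(f"{name}: PE header (MZ) in content")
    return findings


def scan_drop_locations(temp_dir: Path, system_dir: Path) -> list[str]:
    """Host-side check for the drop locations described in the article:
    a PE file stored as <something>.tmp in the Temp folder, or a file named
    ifmq.kqo in the system directory."""
    hits = []
    for candidate in sorted(temp_dir.glob("*.tmp")):
        if candidate.is_file() and candidate.read_bytes()[:2] == b"MZ":
            hits.append(f"PE file disguised as temp file: {candidate}")
    known_name = system_dir / "ifmq.kqo"
    if known_name.is_file():
        hits.append(f"known drop name present: {known_name}")
    return hits


def demo_host_scan() -> list[str]:
    """Build a constructed directory layout and run the host check over it."""
    with tempfile.TemporaryDirectory() as root:
        temp_dir = Path(root) / "Local Settings" / "Temp"
        system_dir = Path(root) / "system32"
        temp_dir.mkdir(parents=True)
        system_dir.mkdir()
        # constructed: a PE saved under a random-digits .tmp name (should hit)
        (temp_dir / "48213.tmp").write_bytes(b"MZ" + b"\x00" * 30)
        # constructed: an ordinary temp file (should not hit)
        (temp_dir / "17.tmp").write_bytes(b"plain temp data")
        # constructed: the drop name from the write-up (should hit)
        (system_dir / "ifmq.kqo").write_bytes(b"MZ" + b"\x00" * 30)
        return scan_drop_locations(temp_dir, system_dir)


if __name__ == "__main__":
    for line in inspect_zip_attachment(build_sample_attachment()):
        print("attachment:", line)
    for line in demo_host_scan():
        print("host:", line)
```

The attachment check deliberately reports both the extension and the magic bytes as separate findings, so a policy can block on either signal alone; the host check flags any .tmp that is really a PE rather than only digit-named ones, which covers the variant the article describes without depending on the random name.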

Trojan.Sasfis.A also features an update component, which makes it extremely dangerous, given that an attacker may remotely install additional malware such as keyloggers.

Please remember that legitimate companies do not send messages containing attachments, but rather inform users of policy changes when they log into their account. You are also advised to install and regularly update a security solution with antimalware, anti-phishing and anti-spam modules.

Information in this article is available courtesy of BitDefender virus researcher Horea Coroiu.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.