German-speaking users are being targeted by crooks who compromise their systems and download other malware onto their devices, depending on the kind of campaign they have in mind. Today it can be banking credentials. Tomorrow it can be social networking login data. The next day they use people’s systems to initiate a DDoS attack against who-knows-what company or institution website.
The present sample is an e-mail allegedly sent by Skype with the subject line “Wir haben Ihre Bestellung geliefert” (in English, “We have delivered your order”) that comes bundled with a Trojan downloader hidden in an attached ZIP archive.
The message tells the recipient he can view all details of the order in the attachment “Die Einzelheiten Ihres Einkaufs”. But if the user opens the ZIP file, he will get his PC infected with a dropper Trojan identified by Bitdefender as Trojan.Injector.APO.
Once on the system, the Trojan dropper immediately drops its payload, in this case Trojan.Injector.APN – malware that instantly contacts a remote command server and sends information about the infected computer. From this remote server it will also download dangerous code depending on the type of attack the crook chooses for that campaign.
Trojan.Injector.APN can spread from one computer to another by infecting removable devices or network drives. When these compromised devices are accessed from a clean system with the Autorun feature enabled, they immediately pass the infection from one system to the other.
The links included in the e-mails we have analyzed to date are all clean and lead to the official Skype page. But be advised that this might not be the case with all such messages, so avoid clicking them altogether, especially given the malicious Skype-sent links leading to Bitcoin-themed malware that have been going around these days.
To stay protected against autorun-based malware, run our USB Immunizer, which disables all Autorun threats before they reach your system.
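For readers who want to check their own exposure to the removable-drive and network-drive spreading described above, here is an added example (not Bitdefender's code and not part of the original analysis) that decodes a Windows `NoDriveTypeAutoRun` policy value and lists the launch commands in an `autorun.inf` file. The article does not say which files or settings Trojan.Injector.APN touches; the function names and sample values are hypothetical and constructed for illustration.

```python
import configparser

# NoDriveTypeAutoRun bit flags (Windows policy value); a set bit disables
# Autorun for that drive type.
DRIVE_BITS = {0x04: "removable", 0x08: "fixed", 0x10: "network", 0x20: "cdrom"}
# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed samples, not taken from the campaign in this article.
SAMPLE_POLICY = 0x91
SAMPLE_INF = ("[AutoRun]\nopen=setup.exe\nicon=drive.ico\n"
              "shell\\explore\\command=setup.exe\n")


def autorun_enabled_types(policy_value):
    """Return the drive types for which Autorun is still enabled."""
    return sorted(name for bit, name in DRIVE_BITS.items()
                  if not policy_value & bit)


def launch_entries(autorun_inf_text):
    """Return (key, command) pairs from autorun.inf that start a program."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read_string(autorun_inf_text)
    except configparser.Error:
        return [("unparsable", "")]  # malformed file: flag it for review
    found = []
    for section in parser.sections():
        if section.lower() != "autorun":  # section name is case-insensitive
            continue
        # configparser lowercases option names, so compare in lower case.
        for key, value in parser.items(section):
            # shell\<verb>\command entries add context-menu launchers.
            if key in LAUNCH_KEYS or (key.startswith("shell\\")
                                      and key.endswith("\\command")):
                found.append((key, value.strip()))
    return found


if __name__ == "__main__":
    print("Autorun still enabled for:", autorun_enabled_types(SAMPLE_POLICY))
    for key, command in launch_entries(SAMPLE_INF):
        print(f"autorun.inf launches via {key}: {command}")
```

A result from `autorun_enabled_types` that includes `removable` or `network` means the policy value leaves the two spreading paths named above uncovered.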
This article is based on the technical information provided courtesy of Doina Cosovan, BitDefender Virus Analyst.