We have recently detected many infections of Trj/Abox.A. This high number of infections is due to the curious technique of social engineering that it uses in order to deceive users.
This malware sends email messages with an asx file attached.
The code of the file can be recognized in the following tags:
TITLE “Codec not found”, which deceives users into thinking that they have not the appropriate codec to watch the video.
REF HREF, which is the URL of the video that is displayed. Actually, it is a one-minute long video with a black background, whose main purpose is to make users think that they do not have the suitable codec.
MOREINFO HREF, which is the URL that is opened when the banner that appears in the video is clicked
This is what users see when they try to open the file .asx:
When users are infected, it downloads a downloader type Trojan (detected as Trj/Abox.A), which downloads via FTP 3 files that receive instructions from a server in order to send email messages. We have already detected some messages in Italian and Spanish, both distributing the Trojan and sending spam. Equally, it can be used as phishing or any other type of attack.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
