Email malware returns

After last weeks outbreak of spam mails with malware with alleged settings for mail software (which still is ongoing, we still receive a lot of those mails) our analysts see a new bunch of emails which contain a trojan as attachment. These mails come with subjects like “Conflicker.B Infection Alert” and seem to stem from someone called “Microsoft Windows Agent”.

Fig. 1: The malware claims to carry a Conficker removal tool.

Fig. 1: The email claims to carry a Conficker removal tool.

The mail claims that the network where the PC is located is infected with Conficker.B and that the ISP has informed Microsoft about that. The attached tool allegedly offers a free system scan.

The attachment is a FakeAV solution though; also Microsoft would never send out an executable attachment without former consent via email. Do not execute the malware in the zip file from the mail! Avira detects it as TR/Vilsel.ior with the VDF 7.01.06.127.

Dirk Knop
Technical Editor