Here's the message:
I work in a private detective agency. My name is not important.
I want to warn you that i'm going to monitor your phone line.
Do you want to know who paid for shadowing you? Wait for my next letter.
P.S. I know, you don't believe me. But i think the record of your
yesterday's telephone conversation will change your point. The tape is
in archive. Archive password is 123qwe
The attachment is a ".rar" file, which is a compressed file format similar to a ".zip" file. The fact that many American computer users don't have software on their machines that knows how to open a RAR file may be the only thing that keeps some users safe!
When the file is extracted, it sits in the filelist with an icon which would make it seem to be an .MP3 File.
Although if you view it in a different manner, the fact that the file is a "Screen Saver" file.
The file name is actually:
"call1105.mp3 (many spaces here) .scr"
Of the thirty-four samples that I received at the beginning of the day:
Nine of them use the subject "attention".
Four use the subject "I'm watching you".
Six use the subject "We monitor your privacy".
Five use the subject "you are watched"
Four use the subject "Your phone is monitored"
Two use the subject "you're being monitored"
Two use "you are being monitored".
Two use "The tape of your conversation".
All have the password of "123qwe".
As of thirty minutes ago, there were twenty-one anti-virus companies that did NOT detect this as a virus in any way. Eleven companies, according to VirusTotal.com, mostly detected it as a generic "Dropper", though Symantec called it "Trojan.Peacomm.D", which is what it calls Storm Worm viruses.
F-Prot, F-Secure, Kaspersky, McAfee, Microsoft, Sophos, and others do not detect the virus at this time.
0 comments:
Post a Comment