Sophie (soph) wrote,

FlexiPrint Trojan / Virus warning!

[this is a public post]

One of the people at my workplace got infected by a trojan/virus today. It's pretty new, and seems to be spreading rapidly; McAfee VirusScan couldn't detect it and I couldn't find much about it on the Internet. So here's what I do know.

This one is actually pretty good at getting you to run it, because the email it comes in is very well-written and is very enticing. The email will look something like these:
From: admin@flexiprint.com
Subject: Photo Approval Needed


Your photograph was forwarded to us as part of an article we are publishing for our May edition of Business Review Monthly. Can you check over the format and get back to us with your approval or any changes you would like.

If the photograph is not to your liking then please attach a preferred one. We have uploaded the photo and article here, [URL snipped by Ciaran]

Kind regards,

John Andrews
Dept. Marketing
http://www.FlexiPrint.com

Or:

Hello,

I noticed whilst browsing your site that there were problems with some of your links, when I tried again with Internet Explorer the problems were not there so I assume that they were caused by me using the Mozilla browser.

As more people are turning to alternative browsers now it may be of help for you to know this. I have enclosed a screen capture of the problem so your team can get it fixed if you deem it an issue.

Kind regards,

James Andrews
Dept. Publishing
FlexiPrint.co.uk

The person at my workplace got the second one. The attachment differs between cases, apparently; we got a ZIP file with a file named SO.SCR inside, using the icon for a .PDF file. Unfortunately, he didn't know that .SCR files aren't screenshots, but screensavers - in actual fact, just .EXE files renamed. He ran it, and the virus popped up an error, but of course it had installed onto his system and the error was just a cover for that.

The trojan apparently turns the computer into an IRC zombie. For more info on the technical side of what it does, check out http://sandbox.norman.no/live_2.html?logfile=385846 .

A good rule of thumb is that if you get a file ending in .SCR at all via an email, do not open it unless you are absolutely sure you know what you're doing. There is absolutely no need for anybody to be sending you screensavers, and it's a common method of fooling people into thinking it's something other than an .EXE.
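
The rule of thumb above can also be enforced at a mail gateway or checked by hand before opening an attachment. The following is an added example, not part of the original post: it lists the members of a ZIP attachment and flags any that carry a program extension such as .SCR, or that start with the "MZ" header of a Windows executable while wearing a different extension. The function names, the extension list and the sample archives are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly as programs (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
MZ_MAGIC = b"MZ"  # first two bytes of a DOS/Windows executable


def risky_members(zip_bytes):
    """Return [(member_name, reason), ...] for entries that are really programs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = posixpath.splitext(name)[1].lower()
            # Read only the header; the member is never extracted to disk.
            with archive.open(info) as member:
                head = member.read(2)
            if ext in EXECUTABLE_EXTS:
                findings.append((name, "executable extension " + ext))
            elif head == MZ_MAGIC:
                findings.append((name, "MZ header behind extension " + (ext or "(none)")))
    return findings


def build_sample_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder bytes, not real malware.
SAMPLE_SCR = build_sample_zip({"SO.SCR": b"MZ" + b"\x00" * 62})
SAMPLE_DISGUISED = build_sample_zip({"capture.pdf": b"MZ" + b"\x00" * 62})
SAMPLE_CLEAN = build_sample_zip({"capture.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16})

if __name__ == "__main__":
    for label, blob in [("scr", SAMPLE_SCR), ("disguised", SAMPLE_DISGUISED),
                        ("clean", SAMPLE_CLEAN)]:
        print(label, risky_members(blob))
```

The icon a file displays is chosen by the file itself, so the check looks only at the name and the leading bytes.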

Please link to this post so that others can find it in Google.
Tags: public, virus warning