E-mail-security company MessageLabs on Wednesday afternoon reported the new e-mail virus, which has been dubbed Troj/Downloader!4c52 or Downloader-DI.
The first copies of the e-mail have come from Australia, with more than 400 copies spotted so far, according to the company.
The attachment is named www.citybankhomeloan.htm.pif. Once clicked, the Trojan attempts to download a further component from a free hosting website located in Russia.
After activation, this Trojan copies itself to the Windows System folder and installs a .DLL file, which enables the Trojan to acts as a proxy server, allowing a hacker to channel Internet activities through the infected computer without the recipient's knowledge, according to MessageLabs.
The channel between the remote computer and the infected computer is encrypted.
Any activity that the hacker carries out on the Internet, if traced back, will show the address of the infected PC.
The Trojan arrives as an attachment to an e-mail that seemed to have been spammed from a number of different IP addresses around the world.
The attachment has a double extension ending in .htm.pif. The sender's e-mail address is forged, and does not indicate the true identity of the sender, said MessageLabs.
The message contains:
From: "Account Manager"
Subject: Re: Your credit application
Text:
Dear Sir!|
Thank you for your online application for a Home Equity Loan.
In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn't satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.
*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days.
