Archive for September, 2010

Sep 28 2010

United States Postal Service taken advantage to spread virus

Published under Security Research

Recently, there have been junk emails impersonating the United States Postal Service, claiming that a postal package is faulty. The email asks the user to fill in an attached file whose icon mimics that of an ordinary Excel file. In fact, the attachment is a malicious file that relies on the user's inattention to execute the virus and inject malicious code into the user's computer.

Figure 1: Email’s content

To bypass users' spam filters, this spam email carries its message as an embedded image rather than as text, as is usual.

At the time of writing, few AVs detect the virus spread by this email: http://www.virustotal.com/file-scan/report.html?id=a784d80e1d0cda2cfe9f9fc5325d42825c3171e96954c7d54760fca50d492f65-1285638618

Upon execution, this virus (detected as W32.FakeUSPS.Worm by Bkav):

  • Drops a DLL file: %System32%\bfky.ojo.
  • Modifies the value of the key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell] by inserting “bfky.ojo” into its value, so that the virus runs at system startup.
  • Receives commands from its control server: micro-viagra.ru
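The Winlogon Shell value is a comma-separated list of programs Winlogon launches at logon; on a clean system it is just "explorer.exe", so the persistence technique above shows up as an extra entry in that list. The following script is an added example for this post (not Bkav's tooling) that checks a Shell value for anything other than the standard shell. It uses a constructed sample value matching the infection described; on Windows it also reads the live key, and the function names are this example's own.

```python
"""Flag non-standard entries in the Winlogon Shell value.

Added example for this post, not code from Bkav. The Shell value under
HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon is a
comma-separated list of programs started at logon; a clean system has
only "explorer.exe". Malware appending itself to this list (as the post
describes for bfky.ojo) gains persistence, so every other entry is
worth investigating.
"""
import ntpath
from typing import List, Optional

DEFAULT_SHELL = "explorer.exe"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"


def parse_shell_value(value: str) -> List[str]:
    """Split the Shell value into its entries, dropping blanks and quotes."""
    return [entry.strip().strip('"') for entry in value.split(",") if entry.strip()]


def suspicious_shell_entries(value: str) -> List[str]:
    """Return every entry that is not the standard explorer.exe.

    The comparison is case-insensitive and ignores a directory prefix, so
    C:\\Windows\\explorer.exe is still treated as the legitimate shell,
    while a replaced shell (no explorer.exe at all) is flagged as well.
    """
    flagged = []
    for entry in parse_shell_value(value):
        basename = ntpath.basename(entry).lower()
        if basename != DEFAULT_SHELL:
            flagged.append(entry)
    return flagged


def read_live_shell_value() -> Optional[str]:
    """Read the real Shell value on Windows; return None on other systems."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        value, _ = winreg.QueryValueEx(key, "Shell")
        return value


if __name__ == "__main__":
    # Constructed sample: what the value looks like after the infection above.
    sample = "explorer.exe,bfky.ojo"
    live = read_live_shell_value()
    value = live if live is not None else sample
    source = "live registry" if live is not None else "constructed sample"
    flagged = suspicious_shell_entries(value)
    print(f"Shell value ({source}): {value!r}")
    if flagged:
        print("Non-standard shell entries:", ", ".join(flagged))
    else:
        print("Shell value is clean.")
```

The check deliberately keys on the file name rather than on bfky.ojo alone, because the persistence technique is the stable indicator while the dropped file name changes from sample to sample.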

Users are advised to be cautious when opening files attached to emails of unknown origin or with unverified content.

Nguyen Van Sao

Malware Researcher


Sep 14 2010

Scam emails taking advantage of Google Translate

Published under Security Research

Recently I have received several Nigerian-like scam emails. These emails are different from those I received before in that their content is in both English and Vietnamese. The original content is in English, and the Vietnamese content is translated from English using Google Translate.

Email with Vietnamese content

Email with English content

In this type of phishing, the hacker employs Google Translate to translate the scam emails into the language of the targeted victims, which makes users more likely to fall prey. It is likely that there will be waves of phishing scams exploiting Google Translate in the coming time. Users should be cautious with emails that appear to be machine-translated, and with emails announcing a jackpot or prize win or a discount campaign.

Nguyen Minh Duc

Senior Security Researcher
