NEWS FROM THE LAB - Tuesday, January 23, 2007

Rechnung After the Storm
Posted by Francis @ 09:23 GMT

We have received many reports from our German customers of spammed e-mails containing an attachment named GEZ_Rechnung.pdf.exe.

Here is a sample screenshot of the spammed e-mail:

[Image: Nurech.W]

[Image: nurechwattach]

Our detection for this malware is Nurech.W.

Nurech.W uses a set of links to download Bzub.HO.

Bzub.HO is a password stealer and is hosted at the following link:

   http://samuraiwordsets.co.uk/images/[BLOCKED]p.exe
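
The attachment name reported above, GEZ_Rechnung.pdf.exe, puts an executable extension behind a document one. The following is an added example, not F-Secure's detection logic: a Python check that flags such attachments in a MIME message. The extension sets, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Illustrative assumptions, not complete lists: extensions Windows executes,
# and document-like extensions that can serve as the visible decoy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "xls", "txt", "jpg", "zip"}


def is_disguised_executable(filename: str) -> bool:
    """True when the last extension is executable and the one before it is a decoy."""
    # Normalise case and stray whitespace, and ignore empty segments ("a.pdf.exe.").
    parts = [p.strip() for p in filename.lower().split(".") if p.strip()]
    if len(parts) < 3:
        return False
    return parts[-1] in EXECUTABLE_EXTS and parts[-2] in DECOY_EXTS


def flag_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a MIME message that look disguised."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename()  # decodes RFC 2231 / encoded-word filenames
        if name and is_disguised_executable(name):
            flagged.append(name)
    return flagged


def build_sample() -> bytes:
    """Constructed sample message; addresses and payload bytes are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Rechnung"
    msg.set_content("Constructed test body.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="GEZ_Rechnung.pdf.exe")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="pdf", filename="report.v2.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

A check like this belongs at the mail gateway, before delivery, because the recipient's mail client may show only the first extension.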