NEWS FROM THE LAB - Thursday, August 17, 2006

Haxdoor.KI Being Spammed
Posted by Sean @ 13:27 GMT

There's a spam run of a new Haxdoor variant - Haxdoor.KI - now detected as Backdoor.Win32.Haxdoor.ki.

We have reports of it being spammed in both Swedish-language and German-language messages. The Swedish attachment is a ZIP file named Rakningen.zip. The German attachment is named Rechnung.zip.

Haxdoor.KI E-Mail Message

The text of the message and the names of the attachments are the same as those used for the malware spammed last Tuesday, but the malware inside this message is completely different.

Here's a screenshot of Haxdoor.KI being detected by BlackLight:

BlackLight Beta Command Line in Action

As you can see from the screenshot, we now have a command line version of BlackLight. The new command line tool is available now at www.f-secure.com/blacklight. We'll have more details on it soon.