Number: IRCNE2015102648
Date: 2015/10/05
According to “itpro”, AppRiver has uncovered a new Upatre Trojan phishing campaign that specifically targets machines still running Windows XP.
Upatre Trojan can steal personal details and download additional malware, and this newest threat is delivered via an email with the subject line 'Attorney-client agreement'.
"One interesting detail about this line of attack is that they seem to be targeting older, out of date PCs," Fred Touchette, senior security analyst of AppRiver said. "After running the samples on a couple of different operating systems, they only seemed to want to carry out their malicious intent on machines running Windows XP (I was using SP3)."
Once up and running, the malware hacks systems processes to infiltrate the computer, checks its IP address and then tries to communicate with the IP 197.149.90.166 on port 12299 and reports back with the information it has uncovered from the computer, such as the IP address and the computer's name.
He explained that if the malware was executed on newer machines, it would be shut down before it has a chance to run, rendering it useless.
- 8