11.07.2015 Views

ASEC REPORT - AhnLab


ASEC REPORT 41
MALICIOUS CODE TREND

02 MALWARE TREND

Malware Issues

INBOX IS FULL!

There have been reports about malware disguised as normal emails. Recently, emails about full inbox capacity have been reported as suspicious. The email states that no messages can be sent or received unless the capacity is increased, and leads the user to click a link and download a file.

[Figure 1-5] Original email content

The file downloaded through the link is disguised as an Internet Explorer icon, and infects the system with malware when executed.

[Figure 1-6] File downloaded through the link

When the file is opened, it creates the following file.

[Figure 1-7] Created file

Also, it registers itself into the system registry to automatically run at system restart.

[Figure 1-8] Registry value created

This malware collects various information (running programs, browser history, key logging information, screenshots) from the user's system, and sends it to a specific email which seems to be created by the malware creator.

[Figure 1-9] Mail packet sent via a specific email server

The following shows the contents of the sent email at the time of analysis, and it confirms that the collected information is attached as an HTML file.

[Figure 1-10] Email with the collected information as an attachment

The contents of the attachment are shown below.

[Figure 1-11] Info on Running programs

[Figure 1-12] Info on Web access
