Malicious code that spread through Spam Mail(photo.exe)

Many Spam Emails with the title "my new photo ;) " have been found recently. If the attached file(photo.exe) is executed, it could do Bot functions by connecting to malicious servers and send SMTP for infecting of other users.

[The symptom]

It sends Spam Emails and induces users to check a attached file(photo.zip).

When the attached file is executed, it creates a copy in a specific folder and, it creates malicious files disguised as a normal filename in folder of '(user account) Application data'.

* ​The created malicious codes are added in Windows registry for executing automatically after Windows rebooting.

 * It seems that the created files send emails in order to infect other users using SMTP account.

* In addition, it seems that it tries to access a specific site in order to do additional malicious actions, but there are no normal connections currently.

* If users become infected with this malicious code, it seems to be occurred overload with users' PC by massive network connections and additional malicious behaviors. 

[How to repair] 

Reparable by ViRobot engine ver. 2014-09-19 or above.