Trojan Horse
[korea] 0000-00-00 [Foreign] 0000-00-00
2014-09-17 [Able to detect & repair]

Malicious code that spread through Spam Mail(photo.exe)


Many Spam Emails with the title "my new photo ;) " have been found recently. If the attached file(photo.exe) is executed, it could do Bot functions by connecting to malicious servers and send SMTP for infecting of other users.


[The symptom]

It sends Spam Emails and induces users to check a attached file(

When the attached file is executed, it creates a copy in a specific folder and, it creates malicious files disguised as a normal filename in folder of '(user account) Application data'.


* ​The created malicious codes are added in Windows registry for executing automatically after Windows rebooting.


 * It seems that the created files send emails in order to infect other users using SMTP account.


* In addition, it seems that it tries to access a specific site in order to do additional malicious actions, but there are no normal connections currently.


* If users become infected with this malicious code, it seems to be occurred overload with users' PC by massive network connections and additional malicious behaviors. 



[How to repair] 

Reparable by ViRobot engine ver. 2014-09-19 or above.