Trojan ‘Sasfis’ Spreads Via E-mail Attachments

Latest news
Facebook Targeted with Valentine Attack Results in Malware FBI Likely Deployed Spyware for Surveillance on MegaUpload Cidrex Trojan Opens E-mail ids in ‘Yahoo,’ Uses CAPTCHA to secure them E-mail Supposedly Inviting to Conference, Serves Trojan Collaborated Effort towards Evading Spam

Support our Sponsors

uClip Clipping Path Service

Main Menu

Resources

Login
Username Password Remember Me Forgot your password? Forgot your username? Create an account

Syndicate

Popular
Amazon Accountholders get Fresh Phishing E-mail Enterprises Facilitated through Malware Circulation in Government Cyber-criminals Execute e-Payment Malware Assault Eleven Survey Rated Spam the Biggest E-mail Security Threat in Ten Years Websites Diverting End-users onto ‘Blackhole’ Increasing Within Russia: ESET

Trampolines usa

Trojan ‘Sasfis’ Spreads Via E-mail Attachments

Written by Administrator

Friday, 23 July 2010 05:00

According to the security company 'Symantec,' Internet users should be vigilant of the malicious program Trojan.Sasfis. This program is increasing its threat as each day passes.

The company notes that Trojan.Sasfis has been constantly attacking computers through e-mail attachments. These attachments arrive via spam mails and use names like iTunes_certificate[RANDOM NUMBER].exe or Amazon_Tracking_Number_N[RANDOM NUMBER][LONG SPACE]DOC.exe.

The most recent attachments are Changelog_[DAY]_[MONTH].2010.PDF.zip and Changelog_[DAY]_[MONTH]_2010.zip. Both these files carry a .pdf and .doc file respectively. However, they are actually different i.e. they are .exe files with the .exe prefix appearing with a large gap from .doc/.pdf.

After installation, Trojan.Sasfis performs activities by taking instruction from the host server. It then clandestinely loads several applications, with a number of them using around 94% of CPU energy, points out Symantec.

Symantec also notes in the company blog that Trojan.Sasfis has backdoor functionalities and performs myriad activities once it takes the host's commands. The most common among different activities is downloading and executing misleading software something which Symantec has seen up till now, as reported by V3 on July 12, 2010.

Besides the activities mentioned above, Trojan Sasfis also pretends to be a genuine program. For that, it makes place inside common processes like svchost.exe and iexplore.exe. As a result, it manages to get past a firewall, Symantec highlights.

Meanwhile, it is not just Symantec which has warned about Trojan.Sasfis. During May 2010, Trend Micro, another security company, also alerted that a Sasfis variant utilized the RLO (right-to-left override) tactic. This technique was greatly used earlier in spamming operations, but is now a fresh type of social engineering ploy.

Supporting Trend Micro and Symantec statements about Sasfis, 'Eleven' (an e-mail security company) outlined in its 'E-Mail Security Report' for May 2010 that variants of Sasfis Trojan returned and made it to the first 3 positions on the Top Ten List of malware spread through e-mail during May 2010.

In conclusion, security specialists state that infection from the sinister Trojan can be avoided if users forgo opening e-mail attachments except when they know the source and content of such files.

Read full article...