Spam e-mails promoting a rally against President-elect Putin contain spyware
E-mails began circulating around March 5, Symantec says
Virus overwrites many of the user's files then deletes them thoroughly
A computer virus campaign is targeting opponents of Russian President-elect Vladimir Putin, according to anti-virus software maker Symantec.
“A wave of spam e-mails promoting a rally” against the newly elected president is delivering the spyware as an attachment that appears to be a Word document. In reality, the file is a software program known as “Trojan.Dropper.”
The spam e-mails began circulating sometime around March 5, according to an entry Wednesday on Symantec’s official blog.
The subject lines in the e-mails call demonstrators to action with phrases like: “all to demonstration,” “instructions what to do,” or “meeting for the equal elections.” The body of the e-mail urges the recipient to open an attachment, claiming that it contains need-to-know information.
When the user opens the file, a document does actually open, revealing an announcement for a supposed anti-Putin rally with a map indicating its apparent location. But at the same time, the file drops a Trojan horse virus onto the unwitting user’s computer.
Once on the computer, the virus overwrites many of the user’s files then deletes them thoroughly.
“The Trojan also attempts to connect to IP address 126.96.36.199 (down at the time of analysis),” Symantec says.
This server address is located in Switzerland, but it is associated with another “notorious” virus that once operated from a Web address with a Russian domain name.
At the end of its virulent rampage, the malware crashes the victim’s computer, causing it to blue-screen.
Symantec characterizes the spam attack as “unusual – mainly because of its size.” These messages average 500 KB in size – 50 times the usual size of junk e-mails. “Most spam messages do not exceed 10 KB,” the IT security company points out.
Antivirus software has been adjusted to recognize the malware, but Symantec warns on its blog: “As always, be aware of any unsolicited e-mails containing attachments, which might take advantage of current events like the recent election result in Russia.”