ThreatTrack Security experts have analyzed the threat

Aug 14, 2013 17:16 GMT

A piece of malware detected by ThreatTrack Security’s VIPRE Antivirus as Trojan.Zip.Bredozp.b (v) (compressed) or Win32.Malware!Drop (uncompressed) is currently being distributed with the aid of at least two spam campaigns.

ThreatTrack experts warn users against opening emails that purport to come from Virgin Media, or ones that appear to be car insurance policy expiration notifications.

The bogus Virgin Media emails are well designed. They’re titled “Your Virgin Media bill is ready,” and they read something like this: “Your Virgin Media bill is ready and waiting for you.”

The fake car insurance notifications bear the subject “Second Notification of Expiring Motor Vehicle Insurance Policy.” The sample analyzed by experts appears to be addressed to the Consulate General of Suriname.

When executed, the malware creates registry entries so that it runs each time the system is restarted, and it blocks the victim from enabling Internet Explorer’s Protected Mode.

It then starts communicating with IP addresses located in the Middle East, from which it downloads additional malware.
