Spam Pushes Malware Disguised As Screensavers
March 9, 2008 – 6:54 PM
Sunbelt Software is reporting a wave of spam pushing a new variant of backdoor trojan malware.
The spam messages they show all advertise “3D BeST Screensaver”, “3D Flsh screen$aver” or something similar, with “Download for free” and a link. The pages the links lead to are well-executed and look professional.
At the time of their initial analysis, the malware was very poorly detected by popular antivirus programs: only 7 of the 32 programs in their VirusTotal scan detected anything (follow Sunbelt’s links for more details). This will surely have improved by the time you read this, as all those companies have samples.
The site on which the malware is hosted is a strange one. It sells war memorabilia for the US Civil War, the World Wars and “Indian Wars” (as in India, not the American west). The company that owns the site is located in Pakistan. Sunbelt Software says the malware pages seem to have been installed through a compromise, but there’s no real effort to hide them.