|Typical Symptoms||Changes registry,Sends email,Generating traffics,Creates file|
|Discovered|| [korea] 0000-00-00
|Scan engine needed||
2014-09-17 [Able to detect & repair]
Malicious code that spread through Spam Mail(photo.exe)
Many Spam Emails with the title "my new photo ;) " have been found recently. If the attached file(photo.exe) is executed, it could do Bot functions by connecting to malicious servers and send SMTP for infecting of other users.
It sends Spam Emails and induces users to check a attached file(photo.zip).
When the attached file is executed, it creates a copy in a specific folder and, it creates malicious files disguised as a normal filename in folder of '(user account) Application data'.
* The created malicious codes are added in Windows registry for executing automatically after Windows rebooting.
* It seems that the created files send emails in order to infect other users using SMTP account.
* In addition, it seems that it tries to access a specific site in order to do additional malicious actions, but there are no normal connections currently.
* If users become infected with this malicious code, it seems to be occurred overload with users' PC by massive network connections and additional malicious behaviors.
[How to repair]
Reparable by ViRobot engine ver. 2014-09-19 or above.