Phishing & Malware Alert

There seems to have been an increase in phishing emails carrying malware payloads lately.

Yesterday, on Nov 9th, 2012, I received an email supposedly from MY own accounts department (accounting@easybiztools.com) with an official-looking subject:

I tried to save the html attachment as ‘txt’ – see the screenshot below:

But ZoneAlarm did not allow me – it intercepted and promptly treated the trojan.

More Details
Trojan:JS/Redirector.W is essentially an encrypted JavaScript that redirects your browser to a hacker’s page, which downloads and executes malicious Shockwave Flash (SWF) files. These malicious SWF files are crafted to exploit the “Adobe Flash Player Invalid Pointer Vulnerability”.

Besides being sent to you by spammers/hackers as an email attachment, Trojan:JS/Redirector.W can also be stored as an embedded script in malicious Web pages (or in legitimate sites/pages that have been hacked).

When a user visits the page, the script could execute exploit code that targets specific versions of Adobe Flash Player.
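To check a suspicious message without opening its attachment, you can scan the raw email for HTML attachments and look for script and redirect markers as plain text. The script below is an added example, not code from Microsoft or ZoneAlarm; the indicator list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Static text indicators only; the attachment is never rendered or executed.
INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "dynamic_eval": re.compile(r"\b(eval|unescape|fromCharCode)\s*\(", re.I),
    "js_redirect": re.compile(r"\b(window|document|top)\.location\b|\blocation\.(href|replace)\b", re.I),
    "meta_refresh": re.compile(r"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I),
    "iframe": re.compile(r"<iframe\b", re.I),
}

def triage_message(raw_bytes):
    """Return {attachment filename: [indicator names]} for HTML attachments."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or name is None:
            continue  # containers and unnamed body parts are not attachments
        is_html = (part.get_content_type() == "text/html"
                   or name.lower().endswith((".htm", ".html")))
        if not is_html:
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", errors="replace")
        findings[name] = [k for k, rx in INDICATORS.items() if rx.search(text)]
    return findings

def build_sample():
    """Constructed, harmless message: one HTML attachment, one text attachment."""
    m = EmailMessage()
    m["From"] = "accounting@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    html = ('<html><script>var u=unescape("%2F");'
            'window.location="http://example.invalid"+u;</script></html>')
    m.add_attachment(html, subtype="html", filename="invoice.html")
    m.add_attachment("plain notes", filename="notes.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, hits in triage_message(build_sample()).items():
        print(name, "->", ", ".join(hits) or "no indicators")
```

Any hit on an unexpected HTML attachment is a reason to quarantine the message for analysis. An empty list does not prove the file is clean, because an encrypted script can hide its redirect until it runs.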

For more info, please visit: Microsoft’s Threat Encyclopedia

TIP:
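Always set your email client to view in “Plain Text” only. That way, any embedded HTML or JavaScript will not be launched automatically. An HTML attachment will still run its script if you open it in a browser, so leave unexpected attachments unopened.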