Blog

Websense® Security Labs™ has discovered a new email attack variant similar to attacks previously launched on the IRS and Better Business Bureau. The spoofed email claims to be from the United States Department of Justice (USDOJ). We have been tracking these attacks and have previously reported on them on our site. We first alerted on this attack against the USDOJ here.

The message claims that a complaint to the USDOJ has been filed against the recipient's company. The email informs the reader that a copy of the original complaint has been attached to the email. The attached "complaint" is a Trojan .scr file with an MD5 of 083cdcb8b8cac465dc130348f88ac48d. The .scr drops a file named xp2007.dat in c:\ which is then silently added as a BHO in IE.

At the time of our discovery, none of the major anti-virus vendors had detected the malicious code.

Websense Security customers are protected from this threat.

Email screenshot:


Infected desktop screenshot: