Radware Discovers New Malware – Spread by email

Radware announced that its researchers have discovered new malware.  The malware is spread as a malicious email attachment.  When the email recipient opens the email attachment, a keylogger is installed that collects passwords, credit card data and other sensitive information.

Showing the continuing cat and mouse game in which bad guys discover new forms of attack to evade security measures,

The Admin.HLP Trojan is hidden within a standard windows help file named Amministrazione.hlp and it is attached to emails. This standard help file does not activate any installed anti-virus programs, and therefore it goes under the radar of standard anti-virus solutions. Once the victim opens the Windows help file, the Admin.HLP Trojan installs itself on the victim’s computer where it starts to collect keystrokes. The Trojan periodically sends the stored keystrokes to the attackers’ remote server.

To remain a persistent Trojan threat, Admin.HLP creates a startup file in Windows, guaranteeing that the Trojan is invoked after every restart of the computer.

Radware is providing its customers with a fix that blocks communications between this malware and its remote servers.

What information has been compromised before the installation of the specially developed Radware blocking software?

It is possible to break the cycle of new malware → detection → remediation → new malware by preventing the installation of email spread malware.  The way to break the cycle is to provide employees with a tool that will help them make better decisions when processing their emails.  That tool is SP Guard from Iconix.  Spearphishers deceive by masquerading as trusted senders.  SP  Guard from Iconix provides the ability to distinguish real email from spearphishing attacks.  Click here to learn more.  You can contact us at 408-727-6342, ext 3 or use our online form.


Comments are closed.