The map of love leads to trouble

September 5th, 2011 by Avi Turiel | Category: Antivirus, malware

In mid-August we covered a huge email-malware outbreak that consisted mostly of UPS-themed emails. The same malware continues to be distributed as FedEx confirmations, but also as the “map of love”. The “map of love” attachments accompany emails promising “tourists” a map of interesting destinations worldwide.

Some variations of the text:

Welcome Lover!

Everything is for YOUR private passion!

Check ->>JULY-2011: HOT BABIES CITIES<<- in Attached !

With Love…

 

Good afternoon S– Tourist!

It is Novelty in S—tourism!

Check ->>JULY-2011: HOT SPOTS OF —– in Attached !

Best Regards…

www. World-Map .org

 

WELCOME LOVE-TOURIST!

You have not seen this ever!

Check ->> WORLD-MAP OF BABY <<- in Attached !

Enjoy!..

www. LOVEMAP .com

You get the idea…

The attachments in the series all follow the format of “map_of_love_<random number>.zip”.

In August we also described a trick malware distributors use to hide the true “exe” extension of an attached file: the Right-to-left override (RLO) character. For example, it makes the file fishy_cod.exe appear as fishy_exe.doc, leaving unsuspecting recipients even less … suspecting. The extracted map-of-love file uses the same RLO trick, so it appears as LoveCard_N2894598382_Collexe.doc (instead of doc.exe at the end). Command antivirus detects the malware as W32/Trojan3.CVS.
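A mail-gateway style check for the RLO trick described above, as an added example that is not part of the original post: it lists the member names of a zip attachment, flags bidirectional control characters, and compares the stored extension with the one a recipient would see. The function names, the extension list, the simplified single-RLO rendering and the sample archive are assumptions constructed for illustration; the sample payloads are harmless placeholder bytes.

```python
import io
import zipfile

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
# Bidirectional control characters that have no business in an attachment name
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f")
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}  # assumed list

def extension(name):
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def displayed_name(name):
    """Approximate what a bidi-aware file manager draws for a single RLO:
    the characters after the override appear in reverse order."""
    head, sep, tail = name.partition(RLO)
    tail = "".join(c for c in tail if c not in BIDI_CONTROLS)
    return head + tail[::-1] if sep else name

def inspect_name(name):
    controls = sorted({f"U+{ord(c):04X}" for c in name if c in BIDI_CONTROLS})
    stored = "".join(c for c in name if c not in BIDI_CONTROLS)  # order on disk
    real_ext, shown = extension(stored), displayed_name(name)
    return {
        "bidi_controls": controls,
        "real_ext": real_ext,
        "shown_as": shown,
        # Flag only when the visible extension hides an executable one
        "disguised_executable": bool(controls) and real_ext in EXECUTABLE_EXTS
                                and extension(shown) != real_ext,
    }

def scan_zip(data):
    """Inspect every member name of a zip attachment given as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {m.filename: inspect_name(m.filename) for m in zf.infolist()}

def build_sample_zip():
    """Constructed sample: placeholder payloads, names modelled on the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("LoveCard_N2894598382_Coll" + RLO + "cod.exe", b"placeholder")
        zf.writestr("itinerary.doc", b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    for name, finding in scan_zip(build_sample_zip()).items():
        print(repr(name), finding)
```

The check assumes member names are stored as UTF-8 in the archive; names in a legacy code page would need decoding before inspection.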

Worth noting – the map-of-love and Fedex malware share the same (very strange) file information:

  • publisher: Inept Sewer Guard
  • copyright: Copyright (c) Credo Mesh 2003-2010
  • product: Tush Piper
  • description: Caste Load Tiles Ploys Korea
  • original name: Crete.exe
  • internal name: Gourd Crack
  • file version: 1.7

 

  • http://blog.commtouch.com/cafe/malware/incorrect-hotel-charges-%e2%80%93-install-malware-for-refund/ Updated – Incorrect hotel charges – install malware for refund | Commtouch Café

    [...] the UPS and “map of love” outbreaks of the last few weeks, today saw further large amounts of email-attached malware.  [...]

  • http://blog.commtouch.com/cafe/email-security-news/step-1-infect-millions-of-computers/ Step 1 – infect millions of computers. Step 2 – ? | Commtouch Café

    [...] Map of love – promising juicy information about global sites of “interest”, the attached map displays a PDF icon but is actually an executable file. [...]
