
Trojan.Spammer.HotLan.A


First posted on 21 November 2011.
Source: BitDefender

Aliases:

There are no other names known for Trojan.Spammer.HotLan.A.

Explanation:

The trojan reads a custom script from http://[BLOCKED]/wemail/index.php and tries to interpret it.
The script provides the following main actions:
- log in to an existing email account (@hotmail, @yahoo or @30gigs);
- read from http://[BLOCKED]/base.php encoded information about an email to send (To:, Cc:, Subject:, Body:);
- decode the email and send it;
- try to create a new email account (@hotmail, @30gigs, @google).

Email accounts follow these patterns (each shown with an example):
- <Name1><RandNo1><Name2><RandNo2>@hotmail.com - swift3409494vlad45@hotmail.com
- <Name1><Name2><RandNo>@yahoo.com - ClaudiaWilder85@yahoo.com
- <Name1><Name2>@yahoo.com - LeonardFernandez@yahoo.com
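
The account patterns above can be turned into a sender-address triage check for mail logs. The following is an added example, not code from BitDefender or from the trojan; the regular expressions, the confidence labels and the `min_weak` threshold are assumptions inferred from the three sample addresses.

```python
import re

# Local-part shapes from the three account patterns in the write-up.
# Name boundaries (digit runs, capital letters) are inferred from the page's
# sample addresses; the confidence labels are this example's own assumption.
SHAPES = [
    ("name-num-name-num", "hotmail.com",
     re.compile(r"[A-Za-z]+\d+[A-Za-z]+\d+"), "strong"),
    ("name-name-num", "yahoo.com",
     re.compile(r"[A-Z][a-z]+[A-Z][a-z]+\d+"), "medium"),
    # Plain FirstLast is what many legitimate users pick, so it is weak alone.
    ("name-name", "yahoo.com",
     re.compile(r"[A-Z][a-z]+[A-Z][a-z]+"), "weak"),
]

def classify(address):
    """Return (shape, confidence) for a sender address, or None."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local:
        return None
    for shape, dom, rx, confidence in SHAPES:
        if domain.lower() == dom and rx.fullmatch(local):
            return shape, confidence
    return None

def triage(senders, min_weak=3):
    """List (address, shape) worth review; weak shapes count only in bulk."""
    hits = [(s, classify(s)) for s in senders]
    hits = [(s, c) for s, c in hits if c is not None]
    weak_total = sum(1 for _, c in hits if c[1] == "weak")
    return [(s, c[0]) for s, c in hits
            if c[1] != "weak" or weak_total >= min_weak]

# First three addresses are the page's samples; the rest are constructed.
SAMPLE_SENDERS = [
    "swift3409494vlad45@hotmail.com",
    "ClaudiaWilder85@yahoo.com",
    "LeonardFernandez@yahoo.com",
    "bob1977@hotmail.com",
    "j.smith@example.org",
    "not-an-address",
]

if __name__ == "__main__":
    for address, shape in triage(SAMPLE_SENDERS):
        print(f"{address}\t{shape}")
```

Logs that lowercase addresses lose the capital-letter boundary used by the two yahoo.com shapes, so run this against the address as it appeared in the message headers.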

Examples of emails sent:
#1
Subject: many RX its
Date: Wed, 4 Jul 2007 17:42:06 +0000

if The most used,medical,products 4 you

Dont waste U chance visit: http://[BLOCKED]xyf.cn

what Djibouti now that itself Tanisha except Melody no one Alvarez
along Ava since inside out of Chacon whether...or Marsha under Nellie
because Holliday your when Boyd its Samuel everything Dick

#2
Subject: itsPILLZ Wise
Date: Thu, 5 Jul 2007 13:53:40 +0000

R!se and sh!ne!

myself Canadian phaaarmaaaacy for you!

Check it: http://[BLOCKED]kyli.info

behind Kelvin after they Medeiros theirs Villarreal along, Alston
among Angelita, mine its Marino!! after Sherry you Garland
off Malawi nor if

Last update 21 November 2011

 
