Posted By: miamidolls
Hello,
Please be aware that our Agency received an email at 10:07 AM from "[email protected]". It was a GiftRocket money card from "Dave from Theeroticreview" with a note that stated: "I'm such a big fan of you. Your body, soul and vitality are extraordinary. I thought I would motivate you a bit! Please accept this gift as a small token of my appreciation. Hope to see ya soon!"
The mail includes a link to download a PDF. When you roll over the link, it looks like a link to a PDF. However, when you click on the link, you are asked to download a .SCR file. NOTE: SCR files are KNOWN VECTORS for viruses and trojans. Worse, this particular file was analyzed by three powerful antivirus scans and only ONE was able to detect a virus.
The virus/trojan/worm is known as a Grafter virus or a Worm:Win32/Morto. It is a worm that allows unauthorized access to an affected computer. It spreads by trying to compromise administrator passwords for Remote Desktop connections on a network.
We could not deduce if this was an unintentional attack from an infected computer, an intentional specific attack, OR worse, an intentional targeted attack on members of TER in order to collect information and take over systems.
This is a very skillful and dangerous attack. Because the mail is from a "trusted source", because the note includes a known reference (TER), and because it is virtually undetectable by virus scanners, we believe that most people would have opened this and could have potentially been impacted.
Thank You,
Dolly
The Miami Dolls
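
The mismatch described in the post above (a link that reads as a PDF but offers a .SCR download) can be checked mechanically at a mail gateway or during triage. This is an added example, not part of the original post; the function names, the `example.invalid` URLs and the sample data are constructed, and the `delivered` mapping is assumed to come from the filename the server actually offered (for instance its Content-Disposition header).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import posixpath

# Extensions Windows runs as programs; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def ext(name):
    """Lower-cased final extension; trailing dots/spaces are ignored as Windows does."""
    return posixpath.splitext(name.strip().rstrip(". "))[1].lower()

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flag_disguised_links(html, delivered):
    """Flag links that present as one file type while an executable is delivered.
    `delivered` maps href -> filename actually offered by the server."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = ext(text) or ext(urlparse(href).path)   # what the reader sees
        actual = ext(delivered.get(href, ""))           # what would be saved
        if actual in EXECUTABLE_EXTS and actual != shown:
            findings.append({"href": href, "shown": shown, "delivered": actual})
    return findings

# Constructed sample: the first link reads as a PDF but a .scr file is offered.
SAMPLE_HTML = ('<p>Your gift: <a href="http://example.invalid/gift.pdf">GiftCard.pdf</a></p>'
               '<p><a href="http://example.invalid/terms.pdf">terms.pdf</a></p>')
SAMPLE_DELIVERED = {"http://example.invalid/gift.pdf": "GiftCard.pdf.scr",
                    "http://example.invalid/terms.pdf": "terms.pdf"}

if __name__ == "__main__":
    for finding in flag_disguised_links(SAMPLE_HTML, SAMPLE_DELIVERED):
        print(finding)
```
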