New Prime Minister, New Trojan
Today, a new Prime Minister took over office in Japan. As usual, malware authors are taking full advantage of this big occasion, launching targeted attacks that play upon the event. Symantec Security Response has received an archive file today with the file name mofa.zip, which contains an executable called mofa.exe. This file is detected as Backdoor.Darkmoon.E.
According to a local news source (in Japanese), an email pretending to be from the newly elected Prime Minister, Yasuo Fukuda, is hitting some individuals' email boxes. The email contains content regarding Japanese diplomacy in Asia, along with the address and phone number of the Prime Minister's office – an attempt to make the email look more authentic. The name "MOFA" in mofa.zip, an acronym for the "Ministry of Foreign Affairs", is also an attempt to trick the receiver into opening the malicious attachment. This attack has prompted Mr. Fukuda's office to release a brief statement on this matter on its Web site (also in Japanese).
With the political event at its peak, recipients of this targeted email may be caught off guard due to stress and exhaustion from being involved directly or indirectly with the event. Even though Symantec has detected the malware since September 20, never let your guard down. We strongly recommend that you keep your security software up-to-date and follow safe computing practices. If you receive any unexpected email, we suggest you treat it with caution just to be on the safe side.