Endpoint Protection

A new Trojan Horse called Backdoor.Robofohas been spammed out today, which uses a variety of social engineeringtactics to aid its propagation. First it masquerades as an email fromthe US Internal Revenue Service (IRS), including the use of the IRSlogo in the message body to make it appear more legitimate:

The use of legalese in the message content may intimidate some usersinto opening the attachment. The attachment is called COMPLAINT.rtfand, when launched, displays the following bogus error message:

What appears to be text is in fact the name of an embedded executable, which installs a Backdoor Trojan detected as Backdoor.Robofo.Should you succumb to these various intimidation tactics, thenAntivirus definitions dated 05/30/2007 (revision 17 and later) willprovide detection against this threat. Symantec's Brightmail-enabledmessaging products also have a rule to block the spammed emails.