It's election year in the United States,everyone must be aware of that by now. We've just observed a Trojanbeing spammed out utilizing a candidate's name, Hillary Clinton, asbait. The email asks you to click a link to download an interview withher. The email circulating has the following subject line:
Subject: Hillary Clinton Full Video !!!
The body of the email looks like this:
The link looks to be coming from http://www.google.com/pagead/iclk?sa=3Dl&ai=3DRwGGv&num=3D96249&a=durl=http://canotajetrilly.com/[REMOVED]/rdown.php?PNDcx"=id=3D
Looking closer, we see the actual link is:
http://canotajetrilly.com/[REMOVED]/rdown.php?PNDcx"=id=3D
But, do not click the link because this link does not take you to avideo. This link downloads a suspect file, "mpg.exe," which is a Trojandownloader. This downloader downloads a file, inst241.exe, which isdetected as Trojan.Srizbi. So far the volume appears to be low, butbeware: do not click this link or any links associated with these spamemails.