There’s a spam email message, detected in June of 2012, that is used to infect computer systems with rogue security software and a nasty rootkit infection. This malicious email message will contain an attached ZIP file that is actually a Trojan dropper detected as Dropper.Win32.Dapato.pj!1a by some security applications. To prevent becoming infected with the Dropper.Win32.Dapato.pj!1a Trojan dropper, ESG security researchers strongly recommend keeping your anti-spam filter updated and running at all times as well as never opening email attachments contained in unsolicited email messages.
Dropper.Win32.Dapato.pj!1a is Contained in a Fake Message from Delta Airlines
Most PC security researchers know that school vacation periods often mean a rise in spam email messages claiming to have been sent by airlines, hotels, or similar businesses. These messages will usually use the same scam: they will claim to be a ticket or hotel reservation and urge the victim to unclose an attached file in order to view the details of their reservation. Of course, opening the attached file actually installs malware on the victim’s computer system.
In the case of the malicious email message containing the Dropper.Win32.Dapato.pj!1a Trojan, it claims to have been sent by Delta airlines and will contain an attached ZIP file named Ticket_Delta_Airlines_IN2139.zip which, instead of containing the victim’s ticket information, will actually contain the Dropper.Win32.Dapato.pj!1a Trojan Dropper. The full text of this malicious email message reads:
Hello, E-TICKET / EH065894335
SEAT / 77E/ZONE 2
DATE / TIME 20 JUNE, 2012, 09:55 AM
ARRIVING / Virginia Beach
FORM OF PAYMENT / CC
TOTAL PRICE / 276.42 USD
REF / EF.5709 ST / OK
BAG / 4PC
Your bought ticket is attached to the letter as a scan document. You can print your ticket. Thank you for using our airline company services. Delta Air Lines.
The Consequences of Opening Dropper.Win32.Dapato.pj!1a’s Malicious Email Message
The attached ZIP file contains a variety of malware infections that can cause severe problems on the infected computer system. Dropper.Win32.Dapato.pj!1a will install a variant of the nasty Sirefef rootkit family. This rootkit family has been associated with a variety of malware scams, from browser hijackers to fake security applications. It is also particularly difficult to remove and will often require a specialized anti-rootkit application. Once installed, components in this malicious rootkit will establish a backdoor into the infected computer system and download and install fake security software in the WinWebSec family of malware.
How Can You Detect Dropper.Win32.Dapato.pj!1a?
Download SpyHunter’s Detection Scanner
to Detect Dropper.Win32.Dapato.pj!1a.