Packed.Generic.402 Description

Type: Trojan

Packed.Generic.402 has been used in various social engineering scams that take advantage of trending news to entice inexperienced computer users into clicking on malicious links contained in spam email messages. Packed.Generic.402 in particular has attracted attention because of the sad nature of its attacks: criminals are capitalizing on the widespread panic and uncertainty after the terrible Boston Marathon bombing. Only a few hours after the attack, spam email messages with subject lines related to the incident started to appear in computer users' inboxes. These spam email messages appear to originate in Latvia and Ukraine.

About twenty percent of all spam email sent in the days after the incident in Boston contained subject lines referencing the event in some way. This tactic of exploiting trending news stories is not new; in recent years every major news story, from the election of a new pope to the death of Michael Jackson and the launch of a new iPhone model, has been accompanied by a spam email campaign that counts on computer users opening unsolicited email messages. PC security researchers therefore strongly advise against getting news from unsolicited email messages; computer users should turn to reputable media outlets instead of opening email messages from dubious sources.

The Infection Process Used by Packed.Generic.402

Once the victim clicks the link embedded in the malicious email message, it leads to a website containing what appears to be a YouTube video. While the video plays a news story related to the Boston Marathon bombing (or to whichever trending news story is being used to distribute Packed.Generic.402), an exploit kit runs malicious code on the victim's computer by taking advantage of vulnerabilities in the victim's web browser, applications or operating system. The exploit kit most commonly associated with Packed.Generic.402 attacks is the RedKit Exploit Kit. If the malicious code executes successfully, Packed.Generic.402 installs its files on the victim's computer and makes dangerous changes to the infected computer's settings. Packed.Generic.402 is a password-stealing Trojan that can be used to steal passwords and login credentials for online accounts, banking information and other sensitive data from the infected computer.


14 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Ikarus Virus.Agent
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.E
AntiVir TR/Waledac.EB.2
DrWeb BackDoor.SlymENT.1498
Kaspersky HEUR:Trojan.Win32.Generic
AVG Generic_s.BBL
Fortinet W32/Kryptik.X!tr
AhnLab-V3 Trojan/Win32.Tepfer
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.B
DrWeb Trojan.Fakealert.37412
Kaspersky Trojan.Win32.FakeAV.qxph
Avast Win32:FakeAV-ENP [Trj]
Symantec Packed.Generic.402
McAfee Generic-FAGQ!38A5233318B2

Technical Information

File System Details

Packed.Generic.402 creates the following file(s):
#  File Name                             MD5                               Detection Count
1  B02E87CE3C0D42810000B02DD7A74966.exe  38a5233318b2fb611b6fd1095e58b75a  9
2  temp13.exe                            9761e53715897183f7e5d3ecb009630d  1
3  boston.avi_______.exe                 N/A
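An added example of how a defender could sweep a host for the indicators in the table above; this is not code from the page's author or from SpyHunter. It hashes every file under a directory, compares the digest with the two MD5s listed, checks for the three dropped file names, and flags names that hide an executable extension behind a media-style extension and padding, as boston.avi_______.exe does. The list of extensions in the pattern is an assumption that generalises beyond that one name.

```python
import hashlib
import os
import re

# Indicators copied from the File System Details table above (MD5 is used
# only because that is the hash type the table provides).
KNOWN_MD5 = {
    "38a5233318b2fb611b6fd1095e58b75a": "B02E87CE3C0D42810000B02DD7A74966.exe",
    "9761e53715897183f7e5d3ecb009630d": "temp13.exe",
}
KNOWN_NAMES = {"b02e87ce3c0d42810000b02dd7a74966.exe", "temp13.exe", "boston.avi_______.exe"}

# A media-looking extension, then padding (spaces, underscores, dashes, dots),
# then a real executable extension. Assumed generalisation of boston.avi_______.exe.
DISGUISED_EXT = re.compile(r"\.(avi|mp4|mpg|wmv|jpg|jpeg|png|pdf|doc)[ _\-.]*\.(exe|scr|com|pif)$",
                           re.IGNORECASE)

def md5_of_file(path, chunk=1 << 16):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def match_indicators(name, md5hex):
    """Return the reasons a file matches the page's indicators (empty list = no match)."""
    reasons = []
    if md5hex and md5hex.lower() in KNOWN_MD5:
        reasons.append("md5 matches known sample " + KNOWN_MD5[md5hex.lower()])
    if name.lower() in KNOWN_NAMES:
        reasons.append("file name listed as dropped by Packed.Generic.402")
    if DISGUISED_EXT.search(name):
        reasons.append("media-style extension padded before a real executable extension")
    return reasons

def scan_directory(root):
    """Walk root and return {path: reasons} for every file that matches an indicator."""
    hits = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                digest = md5_of_file(path)
            except OSError:  # unreadable or vanished file: still check the name
                digest = None
            reasons = match_indicators(fname, digest)
            if reasons:
                hits[path] = reasons
    return hits

if __name__ == "__main__":
    import sys
    for path, why in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, "->", "; ".join(why))
```

A hash match identifies only these exact samples; the name and disguised-extension checks are what catch repacked variants, at the cost of occasional false positives that should be reviewed by hand.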
