Taking advantage of all the gift deliveries around the holiday season, criminals have started to send out fake emails from courier services and post offices in order to infect their victims with the Win32/TrojanDownloader.Agent.QXN Trojan. If you usually purchase online, chances are that you are expecting a package delivery during this holiday season. Criminals resort to emails with the 'failed package delivery' subject line in order to get your attention and convince you to open them and click on malicious links or download a dangerous attachment. The Win32/TrojanDownloader.Agent.QXN Trojan is linked with these kinds of dangerous emails, claiming to come from Canada Post, and using the canadapost.ca URL for its emails and links. ESG security researchers strongly advise being extra careful in this holiday season and to watch out for these kinds of fraudulent emails containing malware such as the Win32/TrojanDownloader.Agent.QXN Trojan. Do not be blinded by the excitement surrounding the holiday season; ESG security researchers expect a whole family of these kinds of dangerous emails corresponding to the major courier chains such as DHL, UPS, and FedEx.
An Overview of the Win32/TrojanDownloader.Agent.QXN Trojan's Scam Email
The layout of the scam email associated with the Win32/TrojanDownloader.Agent.QXN Trojan is quite professional. ESG security researchers consider it is likely that the images and text used in these emails were, in fact, copied from legitimate Canada Post emails. The criminals behind this online scam have been quite clever in including two links within this dangerous email. The first will actually take you to the Canada Post's website and to a form where you arrange a new delivery. However, the second email masks its IP address and will actually take the victim to a file hosted on a server located in Houston Texas. You can be sure that the file associated with this fraudulent email is not really associated with Canada post. Rather, the file is in .pif format and is deceptively named in order to appear to be a tracking number (by using the prefix "trk" followed by random characters). The fact that this file is in .pif format should set off alarms in most experienced computer users, and is certainly quite alarming to PC security researchers. The .pif extension is associated with a program information file which is used to run a program whenever it is opened. In this case, this file will attempt to run the Win32/TrojanDownloader.Agent.QXN Trojan, a dangerous malware infection which is designed to contact a remote server and download dangerous malware onto your computer system.
Do You Suspect Your PC May Be Infected with Win32/TrojanDownloader.Agent.QXN & Other Threats? Scan Your PC with SpyHunterSpyHunter is a powerful malware remediation and protection tool designed to help provide PC users with in-depth system security analysis, detection and removal of a wide range of threats like Win32/TrojanDownloader.Agent.QXN as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover
Security Doesn't Let You Download SpyHunter or Access the Internet?Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
- Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
- Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
- Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in "Safe Mode with Networking" and install SpyHunter in Safe Mode.
- IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.
File System Details
|#||File Name||Size||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your PC. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.