Taking advantage of all the gift deliveries around the holiday season, criminals have started to send out fake emails from courier services and post offices in order to infect their victims with the Win32/TrojanDownloader.Agent.QXN Trojan. If you usually purchase online, chances are that you are expecting a package delivery during this holiday season. Criminals resort to emails with the 'failed package delivery' subject line in order to get your attention and convince you to open them and click on malicious links or download a dangerous attachment. The Win32/TrojanDownloader.Agent.QXN Trojan is linked with these kinds of dangerous emails, claiming to come from Canada Post, and using the canadapost.ca URL for its emails and links. ESG security researchers strongly advise being extra careful in this holiday season and to watch out for these kinds of fraudulent emails containing malware such as the Win32/TrojanDownloader.Agent.QXN Trojan. Do not be blinded by the excitement surrounding the holiday season; ESG security researchers expect a whole family of these kinds of dangerous emails corresponding to the major courier chains such as DHL, UPS, and FedEx.
An Overview of the Win32/TrojanDownloader.Agent.QXN Trojan's Scam Email
The layout of the scam email associated with the Win32/TrojanDownloader.Agent.QXN Trojan is quite professional. ESG security researchers consider it is likely that the images and text used in these emails were, in fact, copied from legitimate Canada Post emails. The criminals behind this online scam have been quite clever in including two links within this dangerous email. The first will actually take you to the Canada Post's website and to a form where you arrange a new delivery. However, the second email masks its IP address and will actually take the victim to a file hosted on a server located in Houston Texas. You can be sure that the file associated with this fraudulent email is not really associated with Canada post. Rather, the file is in .pif format and is deceptively named in order to appear to be a tracking number (by using the prefix "trk" followed by random characters). The fact that this file is in .pif format should set off alarms in most experienced computer users, and is certainly quite alarming to PC security researchers. The .pif extension is associated with a program information file which is used to run a program whenever it is opened. In this case, this file will attempt to run the Win32/TrojanDownloader.Agent.QXN Trojan, a dangerous malware infection which is designed to contact a remote server and download dangerous malware onto your computer system.
File System Details
|#||File Name||Size||MD5||Detection Count|
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.