Finc IT News


Malware spotted in LogMeIn “Account locked” Notification

For all the LogMeIn users out there: I spotted some potential malware in my inbox yesterday and thought I would let you know.

[Image: LogMeIn Notification - Malware]

I received a notification from LogMeIn (do-not-reply@logmein.com) with the subject "LogMeIn Account Notification – Account locked". Since I do not have a LogMeIn account on this e-mail address, I was immediately suspicious and decided to investigate further.

The sender address looks authentic but could have been spoofed (later confirmed by several anti-virus providers). Next I investigated the clickable links in the e-mail. The displayed text shows a “secure.logmein.com” address, but if you hover the mouse over the link (to reveal the actual target), it points to another site entirely, in my case barbeauvitresdautos.com/Scripts/logmein_unlock_form.zip.

At this point it is immediately clear that this is a malware e-mail and that the link should not be clicked.
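The hover check described above can be automated for a whole mailbox. The following is an added example, not part of the original post: it parses the HTML body of a message, extracts each anchor, and flags a link when the host shown in the visible text differs from the host in the href, or when the href ends in an archive or executable extension. The sample message below is constructed to mirror the notification described in this post; the `registrable()` helper is a deliberately crude eTLD+1 approximation.

```python
"""Flag anchors whose visible text shows one host but whose href leads elsewhere."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the "Account locked" notification (not the real message).
SAMPLE_EMAIL_HTML = """
<p>Your account has been locked. Please
<a href="http://barbeauvitresdautos.com/Scripts/logmein_unlock_form.zip">https://secure.logmein.com/unlock</a>
to restore access, or visit <a href="https://www.logmein.com/">www.logmein.com</a>.</p>
"""

RISKY_SUFFIXES = (".zip", ".pif", ".exe", ".scr")
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def registrable(host):
    """Crude eTLD+1 (last two labels); sufficient for the .com hosts in this sample."""
    return ".".join(host.lower().split(".")[-2:])

def suspicious_links(html):
    """Return [(href, [reasons])] for links whose text and target disagree or that fetch a binary."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href)
        reasons = []
        shown = HOST_RE.search(text)  # host the recipient sees in the link text
        if shown and registrable(shown.group(1)) != registrable(target.hostname or ""):
            reasons.append(f"text shows {shown.group(1)} but href goes to {target.hostname}")
        if target.path.lower().endswith(RISKY_SUFFIXES):
            reasons.append("href points at an archive/executable download")
        if reasons:
            findings.append((href, reasons))
    return findings

if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL_HTML):
        print(href, "->", "; ".join(reasons))
```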

According to MXlab, an e-mail security company, the virus has the following attack pattern.

The malicious URL downloads a ZIP file named logmein_unlock_form.zip that contains the 260 kB file logmein_unlock_form.pif.

The trojan is known as Trojan.Win32.Agent.AMN (A), a variant of Win32/Kryptik.ASTO, Trojan-Spy:W32/Zbot.BBHD, UDS:DangerousObject.Multi.Generic, Trojan.Zbot or Troj/Agent-AANP.

The following process will be created:

umgio.exe

The following host name was requested from a host database: 192.5.5.241.

Several Windows registry changes will be made, and the trojan can establish a connection to the domain 249a2efd08167c5c.com on port 80.

Here are some easy steps to protect your PC/Mac from being infected by malware like this.

  1. Invest in decent anti-virus/spam scanning software. Speak to an expert if you are not sure which one to get.
  2. When you do not expect an e-mail, be suspicious and contact your provider or the sender of the e-mail to verify the source before clicking on any links.
  3. If you are infected, act immediately. The longer you wait the bigger your potential issues might be.
