Malware spotted in LogMeIn “Account locked” Notification

Published by Pierre on

For all the LogMeIn users out here I spotted some potential Malware via my inbox yesterday and thought I will let you know.

LogMeIn Notification - Malware

LogMeIn Notification - Malware

 

I received a notification from LogMeIn (do-not-reply@logmein.com) stating LogMeIn Account Notification – Account locked. Since I do not have a LogMeIn account on this email address I was immediately suspicious and decided to investigate further.

The e-mail address looks authentic but could have been spoofed (Later confirmed by many Anti Virus providers). Next I investigated the clickable links on the e-mail. The text displayed seemed shows a “secure.logmein.com” address, but if you hover the mouse over the link (to reveal the actual link), it is linking to another site. In my case (barbeauvitresdautos.com/Scripts/logmein_unlock_form.zip).

At this point it is immediately clear that this is a malware e-mail and that I should not click the link.

According to MXlab, an e-mail security company, the virus has the following attack pattern.

The malicious URL downloads a ZIP file with the name logmein_unlock_form.zip that contains the 260 kB large file logmein_unlock_form.pif.

The trojan is known as Trojan.Win32.Agent.AMN (A), a variant of Win32/Kryptik.ASTO, Trojan-Spy:W32/Zbot.BBHD, UDS:DangerousObject.Multi.Generic, Trojan.Zbot or Troj/Agent-AANP.

The following process will be created:

umgio.exe

The following Host Name was requested from a host database: 192.5.5.241.

Several Windows registry changes will be executed and the trojan can establish connection with the domein 249a2efd08167c5c.com on port 80.

Here are some easy steps to protect your PC/MAC from being infected by virus like this.

  1. Invest in decent anti-virus/spam scanning software. Speak to an expert if you are not sure which one to get.
  2. When you do not expect an e-mail be suspicious and contact your provider or the sender of the e-mail to check its validity of the source before clicking on any links.
  3. If you are infected, act immediately. The longer you wait the bigger your potential issues might be.

 

Categories: Online LifeSecurityTips & Tricks
Tags:

1 Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

Office Mobile
Cloud Solutions

Office Mobile for Android Phones

Office Mobile for Android Phones, now available for Office 365 subscribers As part of the Office 365 subscription, the new Office Mobile for Android phones app is now available! With Office Mobile, you can access, Read more…

Tips & Tricks

Arrange a meeting and Book a Room (Outlook 2010)

When you create a meeting request in Outlook, it is typical and convenient to include the meeting location for the meeting or event. You can use the Address Book to find a Conference / Meeting Read more…

Outlook Delegate Access
Tips & Tricks

Provide delegate access to your outlook folders

Beyond merely sharing Outlook folders, Delegate Access enables you to grant additional permissions, such as allowing a delegate the ability to create e-mail messages or respond to meeting requests on your behalf.