Today SophosLabs analysts encountered a variety of stock/medicine spam messages containing an embedded link to malware hosted on a remote website. The embedded link to the malware is already being detected by Sophos as Troj/eAgent-D. This malware is a spamming Trojan tool for the Windows platform, providing functionality to act as an email spam proxy. The presence of Troj/eAgent-D clearly indicates that spammers can not only spread their advertisements but also spread malware in an attempt to gain access to their victims’ computers.
Below is the text of one of the samples:
http://<url omitted>/intranet/Britney.exe
SREA Coming Out Of The Shadows!
Score One Inc.
sRe acL: $0.11
SREA has been keeping quite for some time.
Acquiring one company after the other and reorganizing its direction.
We have heard they are getting ready to make a come back
and we should expect big things. This one could be huge and it
is the right p rice. Get ahead of it.
Get on SR E A Wed!