Not Another Anjelina Jolie Malware Campaign

You would’ve thought that most of these spammers/malware authors would have given up by now. But no… the Anjelina (spelling, people!) Jolie malware/spam campaign continues to rumble on unabashedly.

This time, a huge spammed-out malware campaign manifested itself in the form of an email with the subject line “New anjelina jolie sex scandal” (yeah, right) and with an attachment filename of “anjelina.exe” (detected by Sophos as Troj/FakeVir-GL).

In this instance, Troj/FakeVir-GL is a Trojan that attempts to disguise itself as a fake antivirus warning message (not dissimilar to this Trojan or this Trojan) that pops up in the system tray of the infected computer (eagle-eyed viewers would have instantly noticed the bad spelling mistakes in the warning message).

Troj/FakeVir-GL

To add to the woes of the unlucky user who happened to open the file attachment, Troj/FakeVir-GL comes with a bunch of other nasties.

Not only does it drop a number of other pieces of malware (proactively detected by Sophos as Mal/EncPk-BB and Mal/FakeAle-C), but it also attempts to download code from remote websites. Unfortunately for the malware authors, the code downloaded from these websites has been proactively detected by Sophos as Mal/Heuri-E. Sophos analysts have also blocked the URIs hosting the malware via our web security appliances.