SophosLabs analysts today encountered a strange looking application called “Anonymous E-Mail Sender”.
Interested to download and try this anonymising email doohickey if you’d ever chance upon it?
If you’ve just said “Yes”, you’ve just agreed to installing a Trojan on your computer (detected by Sophos as Troj/Pasta-B).
After filling in the details and hitting the “Send” button, it appears to do what it say. A network packet trace reveals that the application does indeed perform a HTTP Post message to a server located at a Russian pornographic website(?).
Given that this application appears to have originated from Russia, I tried accessing the Russian Google website and was surprised to find that my computer was now as slow as molasses in January. What gives?
Unbeknownst to the user, while the Trojan was “chewing fat” with the remote server, it was also cooking something up and was as busy as popcorn on a skillet. It secretly modifies your HOSTS file, thereby preventing access/redirecting access to several websites (shown below).
And if you happen to be infected by this Trojan, there’s no point in crying over spilt milk or going bananas. Contact your anti-virus vendor and see if there might be a way to resolve your situation. Your vendor might already have a ready fix available.
Always update your anti-virus software and perform regular updates to your operating system and software. I know the taste of forbidden fruit always seems enticing at first but do refrain from making impulsive decisions. Avoid half-baked applications as you’ll never know when you would end up with egg on your face. Know which side your bread is buttered.
And remember, there is no such thing as a free lunch.
If an application seems even remotely suspicious, it is preferable to err on the side of caution. If it comes from an unknown source, drop it like a hot potato. I prefer my life to be one of a bowl of cherries than to one of eating humble pie all the time.