Malware Targets Anti-Putin Protestors
BY Raphael Majma | Tuesday, March 13 2012
Days after President Vladimir Putin won the Russian presidential election, Russian Internet users began receiving spam emails targeting anti-Putin protesters.
Symantec first reported on the spam emails, which contained subject lines such as “All to demonstration,” and “Meeting for the equal elections.” The email is sparse, with the body instructing the recipient to download an attachment for further instructions.
The attached malicious document is a “Trojan.Dropper,” which opens and provides information and a map for a made up anti-Putin rally. According to Symantec, Droppers “create confusion amongst users by making them look like legitimate applications or well known and trusted files.” The Dropper executes a different piece of Trojan software, which proceeds to harm the recipient’s computer.
A system with enabled macros will see a number of common file types deleted on their system, including any .xls and .doc files. In addition, the Trojan attempts to contact an IP address that crashes the user’s computer.
Symantec notes that the spam attack is “quite unusual” and deviates from regular attacks. Spam attacks regularly fall under 10 KB in size, with the majority being smaller than 5 KB. The size of the attack targeting those interested in anti-Putin protests is 500 KB.