Chanitor Trojan: "Maleficent Microsoft Volume Licensing Spreading Malware"

Several companies have recently received an email from the Microsoft Volume Licensing Service Center (VLSC) comes appeared and attempts to spread via a clever trick JavaScript malware. Through the VLSC companies to manage their Microsoft licenses. The message that goes around is very similar to the emails that sends Microsoft normally on the VLSC and a personalized salutation. According to the e-mail recipients may register via the attached link for the VLSC.

The link actually points to a hacked WordPress server. Using JavaScript, however, the real-VLSC Microsoft Web site shown where users can log in. However, there is simultaneously a zip file provided that the hacked WordPress server originates.This seems like the file from the Microsoft Web sites originates, although the hacked WordPress server is listed at the download location.

Offered zip file contains another .scr file is a Trojan horse. This "Chanitor Trojan" then connects to the Tor network. According to Cisco, the malware at the time was that the e-mails were detected around 9 out of 57 virus scanners on VirusTotal.

Hashesh:

1b147fc9d5342ca0fa59207d366ec4fb  (VLSC Microsoft.zip)

6266dc7f68e98b3a52908a7e2b5fe4eb (Volume_Licensing_Service_Center_details_7834892334.scr)