I can’t believe it but today I installed a Trojan
Yes, it happened to me too! (st-u-pid)
I got an email from “USPS” claiming that a delivery was delayed because no one was at home (and actually I was really expecting one to come).
So I clicked on the link to see the PDF, but a few seconds after I ran it I knew that I was doomed!
The file was called usps_ship_receipt.pif (NOT PDF) and it's actually an executable (the text you see on the first link actually has a link to a different URL: http://habilitas.de/files/usps_ship_receipt.pif <DontClick/>)
When running it, it spawns a new process that starts tracking the system (called NTVDM.exe, plus another tmp exe that runs in windows\temp).
It looks like this Trojan is opening a socket in listen mode and also broadcasts the server address to random target servers over the internet that include s15229459.onlinehome-server.info:80, ip143.gohost.kz:80, etc.
Amazingly – OfficeScan doesn’t find this Trojan!