I can’t believe it but today I installed a Trojan

Yes, it happened to me too! (st-u-pid)

I got email from “USPS” claiming that a delivery was delayed because no one was at home (and actually I was really expecting one to come)

So I clicked on the link to see the PDF, but few seconds after I ran it i knew that I am doomed!

The file was called usps_ship_receipt.pid (NOT PDF) and its actually executable (the text you see on first link actually has a link to a different URL: http://habilitas.de/files/usps_ship_receipt.pif  <DontClick/>)

When running it, it spawns a new process that start tracking the system (called NTVDM.exe and another tmp exe that runs in the windows\temp)

it looks like this trojan is opening a socket in listen mode and also broadcast the server address to random target servers over the internet that include s15229459.onlinehome-server.info:80, ip143.gohost.kz:80, etc

Amazingly – OfficeScan doesn’t find this Trojan!

Damn it!