There has been a surge in spam over the past week containing a trojan that mysteriously targets Australians and connects to servers in Russia and Poland if installed, according to Symantec.
“The attackers behind this malicious spam campaign appear to have no specific target in mind other than compromising a large base in Australia for reasons still unknown,” the security vendor warned on Wednesday.
Spam in two flavours are delivering the same malware concealed in two different .zip attachment files: one purportedly from an airline -- which appears by the colours to be Jetstar; another claimed to be from Australian Taxation Office.
The ATO spam’s subject field is titled “Tax Agent Report - Delayed Tax Returns” and contains a “Tax Report.zip” attachment. The zip contains a malicious executable TaxReport.xls.exe.
The subject field “Check-In Details” heads the airline spam, which carries a zip that contains a malware file labeled “check-in details.pdf.exe”.
The malware, which is designed to download additional malware, connects to command servers located in Poland and Russia, according to Symantec.
Symantec advised to be cautious when opening email attachments.