The Irish are being emailed a trojan downloader

ESET Ireland finds a trojan downloader in disguised as a purchase order email.

An email with a malicious attachment has been identified by ESET Ireland. The email pretends to be a “purchase order” confirmation email, but has an archive file attached. The email reads:


The receiver of the email is usually alarmed about a “purchase” they never made and want to investigate this, by having a closer look at the “detailed information on your purchase” the email mentions.

The attachment however doesn’t offer any “information”, but instead includes an executable file, which contains a variant of a trojan downloader, which ESET recognises as Win32/TrojanDonloader.Elenoocka. Elenoocka is a trojan which tries to download other malware from the Internet. It contains a list of 6 URLs and attempts to download several files from the addresses. The files can contain Win32/Kryptik.CKEY trojan, from the rather nasty family of Kryptik trojans which create malicious system files that hide deeply inside your operating system, avoiding detection and basically opening your computer for any sort of infections, the cybercriminals want to send your way.

A computer infected by a trojan like this one can be used by cybercriminals as a part of a botnet, without the owner even knowing and used for hacking attacks, distributing illegal content or sending spam.

ESET Ireland advises Irish computer users to avoid opening any unknown attachments to emails, particularly emails like this one, which are designed to play on people’s curiosity.

Although ESET users are protected against this infection, it is always goood to make sure your virus definitions are up to date and your operating system updates are regularly installed.

by Urban Schrott, ESET Ireland

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s