I received the following email today. It is obviously a phishing email. If the link is clicked, and your AV is not up to date, a Trojan will be placed on your hard drive. The Trojan is Win32/Kryptik.BATO. I am not sure of the seriousness of the Trojan, but all should be taken seriously given the damage they can do and how difficult they can be to remove. I have listed below some keys to what I think gives this email away. Feel free to add if you see any I missed or if you think I stated one that I shouldn't have. I wrote this because so many users do use LMI.
Dear customer,
You are receiving this notification because you have chosen LogMeIn software as the remote control solution of your business.
We have been informed that a remote execution vulnerability exists in the LogMeIn software, allowing attackers to compromise a successfully exploited computer.
An emergency patch has been released, in order to reduce the potential successful attacks and fix this issue.
The patched computers will be secured against this type of attack.
The emergency patch can be downloaded from the following:
http://www.nowsafelink.com
It is strongly recommended that you apply this patch on all computers where LogMeIn is installed, as soon as possible.
If you are not on the computer where the software is installed, you can save the patch to a flash drive or to a CD, and then you can run it on the computer that has the problem.
Regards,
LogMeIn.com Support
(Please do not reply to this email, as it's sent from an address that's not monitored.)
Tips to the phishing hook:
1. Would never start the email with "We have been informed..."
2. "remote execution vulnerability" would be too technical for the average customer.
3. I doubt "emergency patch" would be the wording they would choose.
4. There would be no gap between issue and The patched...
5. As David mentioned earlier, they would direct you to log onto the site to download anything.
6. Again there would be no gap between possible and If you are...
7. They would never tell the average customer to save it to a CD.
8. There is no need of a comma after "has been released" in the first paragraph.
9. There is no need of a comma after "LogMeIn is installed" in the paragraph under the link.
10. LogMeIn.com Support looks horrible.
11. The font looks like something from a Royal typewriter.
12. The "please do not reply" caveat would not be in parentheses, especially with a period at the end.
13. It is amazing that phishers can make this many glaring errors in one email.
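
Tip 5 is the one tell in this list that can be checked mechanically: the download link does not point at the vendor's own site. The following is an added example, not part of the original post. It assumes logmein.com is the vendor's domain, and the two sample lines marked "Constructed" are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: genuine vendor links live under logmein.com.
TRUSTED_DOMAINS = {"logmein.com"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

# Lines 1-3 are from the email above; the "Constructed" lines are test cases.
SAMPLE = """\
The emergency patch can be downloaded from the following:
http://www.nowsafelink.com
It is strongly recommended that you apply this patch on all computers.
Constructed: https://secure.logmein.com/download
Constructed: http://logmein.com.patch-update.example/fix.exe
"""

def host_of(url):
    """Return the lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:
        return ""

def is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only for a trusted domain itself or a real subdomain of it.

    Matching on the dot-separated suffix rejects hosts that merely start
    with the brand name, such as logmein.com.patch-update.example.
    """
    return any(host == d or host.endswith("." + d) for d in trusted)

def suspicious_links(body, trusted=TRUSTED_DOMAINS):
    """List (url, host) for every link whose host is outside the trusted set."""
    found = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:")  # drop sentence punctuation stuck to the URL
        host = host_of(url)
        if not is_trusted(host, trusted):
            found.append((url, host))
    return found

if __name__ == "__main__":
    for url, host in suspicious_links(SAMPLE):
        print(f"link leaves vendor domain: {url} (host: {host})")
```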