Skip to main content

Trojan malware exploits Paul Walker’s death to snare victims

A brand new form of malware has been exploiting the death of The Fast and the Furious star Paul Walker back in November to spread malware among its victims.

The latest slew of emails comes in the form of a plea to help find a Dodge Viper GT that was supposedly racing with Paul Walker's car on the night of his death.

The email asks that anyone with information call a number in the email or open the attached file to view a picture of the Viper GT's driver. The emails also offer compensation or some kind of reward if the Viper GT is found.

What's so dangerous about this digital nasty is that each executable file is made specifically for the email address it is sent to, and is compiled just before the email is sent, allowing the attacker to tailor their assault on new systems.

It also means the subject lines and body text of the email keeps changing, allowing the malware to bypass spam filters.

The sender's email address is always an email account that has been hacked or otherwise compromised. The malware also harvests the inboxes and address books of compromised systems to continue the spate of hazardous emails.

According to security firm Symantec, once the malicious file has been executed an error notification is sent indicating that a 32-bit or 64-bit computer is needed to run the file.

An error message may also indicate that the user does not have sufficient permissions to run the file, even though the malware continues to run in the background. The Trojan then starts to perform DNS queries through a list of domains with similar names until the malware gets a DNS query return. It will then connect to that URL to download a file into the following directory:

"%UserProfile%Application Dataamhldfbyjmgkskzjmtypb.exe"

Once the file (kskzjmtypb.exe) is downloaded, it runs and connects to to download qr1aon1tn.exe. When this runs, it drops the following file:

"%UserProfile%Application Dataamhldfbyjmgfdxeuzv.exe"

To avoid getting burned, Internet users should make sure to follow the following common-sense security measures:

  • Exercise caution when receiving unsolicited, unexpected, or suspicious emails
  • Avoid clicking on links in unsolicited, unexpected, or suspicious emails
  • Avoid opening attachments in unsolicited, unexpected, or suspicious emails
  • Keep security software up-to-date
  • Update antispam signatures regularly

If you're sick of getting spam all the time, check out our tips to beat the spam and keep your inbox clean.