Trojan Targets XP Users

Monday, October 5, 2015 @ 02:10 PM gHale

Windows XP users, and there are still plenty of them, need to be aware that a Trojan is targeting the unsupported operating system.

A new spam campaign is distributing the Upatre downloader around the world, and this malware only executes on Windows XP, said researchers at security provider AppRiver.

The campaign comes with an email subject line that says “Attorney-client agreement,” and tries to trick users into opening ZIP archives loaded with the Upatre Trojan.

This campaign differs from other spam campaigns because the filename of the ZIP archive consists of three random names, which are different in each email, making it difficult for spam filters to block the emails based on the attachment’s filename, AppRiver said in a blog post.

Upatre, first spotted in August 2013 after the demise of the Blackhole Exploit Kit, is a downloader Trojan, a malware family that brings more dangerous malware onto infected machines. In the past, Upatre has downloaded the malware programs Dyreza, Rovnix, Crilock, and Zeus.

This version of Upatre only runs on XP machines, shutting itself down through one of its internal filters whenever executed on a different platform.

When on an XP computer, the malware can take over system processes, add registry entries, shut down security certificates, and check for reverse-engineering debug tools.

Once it accomplishes its goals, it then sends the user IP address and local OS details to a C&C server at, and waits for more instructions.