Today, a new Prime Minister took over office in Japan. As usual, malware authors are taking full advantage of this big occasion, launching targeted attacks that play upon the event. Symantec Security Response has received an archive file today with the file name mofa.zip, which contains an executable called mofa.exe. This file is detected as Backdoor.Darkmoon.E (http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-092515-0356-99)
According to a local news source (in Japanese), an email pretending to be from the newly elected Prime Minister, Yasuo Fukuda, is hitting some individuals’ email boxes. The email contains content in regards to Japanese diplomacy in Asia, along with the address and phone number of the Prime minister’s office – an attempt to make the email look more authentic. The name “MOFA” in mofa.zip is an acronym for the “Ministry of Foreign Affairs”, is also an attempt to trick the receiver into opening the malicious attachment. This attack has prompted Mr. Fukuda’s office to release a brief statement on this matter on its Web site (also in Japanese).