Malicious Trojan poses as McAfee alert

The Lafool.v Trojan is hidden in a Word document

Security experts have intercepted a mass mailing purporting to come from McAfee, but which actually spreads a Trojan horse.

Kaspersky Labs described the mass mailing as "unusual" because the messages attempt to spoof the email address mcafee@europe.com.

The Lafool.v infection is hidden in a Word document called 'McAfee Inc. Reports.doc'. The file is 80,635 bytes in size, and allegedly contains a report about the propagation of malicious programs on the internet.

However, the document actually contains a macro written in Visual Basic for Applications.

Lafool.v extracts a new modification of LdPinch, a well-known Trojan password stealing program, from itself and launches it for execution, Kaspersky Labs warned.

LdPinch steals passwords to a number of services and applications, including AOL Instant Messenger and ICQ, and other confidential user data.

Kaspersky Anti-Virus detects the new variant of this program as Trojan-PSW.Win32.LdPinch.bbg.