The virus is called DarkWatchman and is likely aimed at a Russian-speaking audience: this is evidenced by the emails received by victims. A ZIP archive is attached to the hacker letter, which is presented as a text document. When opening the archive, an error is displayed, but the virus starts downloading in the background, unnoticed by the user. After that DarkWatchman is registered in the Windows registry. The program weighs only 32 kilobytes, so it is extremely difficult to detect it.
The virus is dangerous because it is simultaneously controlled from 10 domains. DarkWatchman is launched when the computer is turned on and during the session generates 500 new domains – so the program is difficult to block.
Experts advised to use antivirus software for protection and not open suspicious letters.