A new Web Threat reportedly capitalizing on the recent Virginia Tech tragedy is spreading in the wild. Trend Micro detects this malware as TROJ_BANLOAD.CFU. It arrives as an attachment from a spammed email message. Once the recipient opens this attachment, the Trojan executes and directly connects to the Web page http://{BLOCKED}sting.pop.com.br/glx/vaca/index.jpg where the following image is then displayed:



This Trojan then proceeds to download two other malware detected as TROJ_GENERIC and information thief TSPY_BANKER.HHW from the following Web pages, respectively:

• http://85.10.{BLOCKED}.71/Carteiro/Z3r0_C0rp2.exe
  
• http://{BLOCKED}sting.pop.com.br/glx/vaca/FANIVIDEOS_BBB7.scr

In addition, it terminates a number of processes mostly related to security applications to make its detection on the affected system more difficult. Users are advised to be cautious in opening forwarded email or messages from untrusted sources that pertain to the Virginia Tech shooting incident.