    Two new spam campaigns spreading variants of the BANKER family of identity-stealing Trojans have recently emerged. The first campaign features spammed messages containing malicious links to supposed pictures. Users who clicked these links, however, ended up with TSPY_BANKER.OCN infections. This campaign made use of standalone files (see Figure 1).

    The second campaign was more elaborate, as the involved malware (detected as TSPY_BANKER.MTX) had two components—one steals banking-related information while the other steals email account information (see Figure 2).

    Both campaigns may, however, be related, as the information they steal from users ends up in drop zones that are hosted on the same Web server:

    • {BLOCKED}
    • {BLOCKED}

    Looking for more details on this Web server revealed the following:

    IP: Hosted in the USA
    ASN: AS46475 LIMESTONENETWORKS Limestone Networks Inc. Primary ASN

    Digging a little bit deeper still, three interesting pages cropped up that revealed the number of systems each contracted spammer has infected so far (see Figure 3), a list of PHP servers where stolen information is sent (see Figure 4), and a list of files that contained encrypted information downloaded by infected hosts (see Figure 5).

    More spam campaigns from the said Web server may be seen in the days to come but Trend Micro product users need not worry as they are protected by the Smart Protection Network™, which blocks spammed messages and user access to malicious sites and domains and prevents the download of malicious files detected by Trend Micro as TSPY_BANKER.OCN and TSPY_BANKER.MTX.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice