    Here’s the latest spam alert from our Content Security Team:

    An email message purportedly coming from Bradesco, a well-known financial institution in Brazil, has been found in user inboxes in Brazil. The text of this email, translated here from Portuguese, is found below.

    From: Bradesco S.A
    Sent: Tuesday, June 3, 2008 10:54
    To: {recipient}
    Subject: Important Notice
    Dear customer,

    We inform you that since 14/06/2007, use of the Bradesco Electronic Security Key (Chave de Segurança Bradesco Eletrônica) to access Bradesco Net Empresa has been mandatory.

    As of 03/06/2008, the Bradesco Net Empresa identification system has been updated to version 3.3.15 to better interact with the current security system.

    We inform you that, to continue accessing Bradesco Net Empresa normally, it will be necessary to update this component.

    To perform the update, simply click one of the options below, then click Save and right after that click Run; once that is done, wait a few seconds and follow the installation instructions.
    If in doubt, contact the Business Support Center (Central de Apoio à Empresa) by e-mail at {email}, Monday to Friday from 07h00 to 20h00

    Thank you for your cooperation.

    © 2008 Banco Bradesco S.A. All rights reserved.

    It enjoins the recipient to download the software update for their electronic security key to be able to regain access to Bradesco Net (the online banking facility of Bradesco). It also contains directions about what to do after the user accepts and executes the software update.

    When users click the link, they are asked to download a 763 KB file named certificado-3.15.exe, which uses the Bradesco logo as its icon. The file, however, is a TSPY_BANKER variant (TSPY_BANKER.PAA).

    After executing the file, the user sees the dialog box shown below.

    The dialog box, in English, reads:


    This program will update your digital certificate

    Attention: You should maintain that file in a removable media ex:
    Token, CD-Rom, Diskette or others

    We inform you that to perform this operation YOU NEED TO BE CONNECTED TO THE INTERNET


    Once the user clicks on the [Update] button, a second window is displayed, asking him/her to indicate the source of digital signature (SmartCard or File).

    If the user chooses the File option he/she is prompted to locate it.

    After that, the dialog box prompts the user for his/her personal password (to open the certificate).

    It then asks for the user’s 6-digit bank token password.

    Once it has been given all this information, the program opens a connection to a .br SMTP server and sends everything the user entered to a certain email address. After this, the application freezes, indicating that the process is still authenticating.

    There are different online elements that can be blocked or detected to prevent users from getting infected: the email message (detected via TMASE pattern release 5954), the malicious URL in the email (blocked by our Web Threat Protection technology), and the downloaded file (detected by our antivirus scanner as TSPY_BANKER.PAA). Users are asked to refrain from opening email from unknown senders, but if there is still doubt whether a sender is legitimate, remember that no banking institution will ever ask for your credentials via email (even if–or especially if–it requires you to download a file first).
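
One way a mail gateway could flag the lure described above, as an added example that is not part of the original post: it checks for a bank display name on a non-bank sender domain and for links that download an executable. The `BRAND_DOMAINS` allowlist, the sender address, and the URL host in the sample are constructed assumptions, not values from the alert.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: brand keyword -> domains that brand legitimately sends mail from.
BRAND_DOMAINS = {"bradesco": {"bradesco.com.br"}}
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi")

class LinkCollector(HTMLParser):
    # Collects href targets from <a> tags in an HTML body.
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def triage(raw_message):
    """Return the reasons this message looks like a fake-update lure."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    reasons = []
    for brand, domains in BRAND_DOMAINS.items():
        spoofed = brand in display.lower() and not any(
            sender_domain == d or sender_domain.endswith("." + d) for d in domains)
        if spoofed:
            reasons.append(f"display name claims {brand} but sender domain is {sender_domain}")
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            collector.feed(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    for link in collector.links:
        # Check the URL path only, so a query string cannot hide the extension.
        if urlparse(link).path.lower().endswith(EXECUTABLE_EXT):
            reasons.append(f"link downloads an executable: {link}")
    return reasons

# Constructed sample: sender address and URL host are placeholders.
SAMPLE = (
    'From: "Bradesco S.A" <aviso@mailer.example>\n'
    "Subject: Comunicado Importante\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<p>Caro cliente,</p><a href="http://update.example/certificado-3.15.exe?id=1">Atualizar</a>\n'
)
```

Calling `triage(SAMPLE)` returns two reasons; a message sent from the allowlisted domain with no executable link returns an empty list.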

    The safest route to access your online bank is to use your clean bookmarks or to type the bank’s URL directly into the address bar. Bradesco Net users in the Latin American region should be wary of this attack.

    You can read about similar attacks against banks here, here, and here.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice