Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    We have recently detected a new spam attack that attempts to grab the bank data of Brazilian users.

    The mechanics of this attack are simple. Users receive this spam email:

    Click for larger view

    The mail claims that the user has received an e-card, and contains a link to “read” the said card. Click on the related link, a file is downloaded and executed:

    Click for larger view

    Apparently nothing happens, just an Internet Explorer is opened showing a related web card from this initial phishing. In the background, however, the HOSTS file is changed, and set to redirect certain Brazilian baking Web sites to a malicious web site. All information posted in any of the said pages will then be grabbed by the attacker.

    This spam email is now blocked by the Smart Protection Network. In addition, the malicious file involved is now detected as TSPY_BANCOS.JCM, and the malicious Web site is also blocked.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    • Kerr

      Don’t suppose we could see a sample of that hosts file?

    • kurt wismer

      this is known as ‘pharming’.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice