Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    We have recently detected a new spam attack that attempts to grab the bank data of Brazilian users.

    The mechanics of this attack are simple. Users receive this spam email:

    Click for larger view

    The mail claims that the user has received an e-card, and contains a link to “read” the said card. Click on the related link, a file is downloaded and executed:

    Click for larger view

    Apparently nothing happens, just an Internet Explorer is opened showing a related web card from this initial phishing. In the background, however, the HOSTS file is changed, and set to redirect certain Brazilian baking Web sites to a malicious web site. All information posted in any of the said pages will then be grabbed by the attacker.

    This spam email is now blocked by the Smart Protection Network. In addition, the malicious file involved is now detected as TSPY_BANCOS.JCM, and the malicious Web site is also blocked.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    • Kerr

      Don’t suppose we could see a sample of that hosts file?

    • http://anti-virus-rants.blogspot.com kurt wismer

      this is known as ‘pharming’.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice