Brazil: Phishing Changing A HOSTS File? | Malware Blog | Trend Micro

Targeted Attacks
- Is The Raspberry Pi Secure?
- What Connections Between Attacks Say About Them
- Hiding in Plain Sight: A New Targeted Attack Campaign
- Backdoor Built With Aheadlib Used In Targeted Attacks?
- Malicious PDFs On The Rise

Mobile
- Get Free Followers! on Instagram? Get Free Malware, Survey Scams Instead
- Mobile Ads Pushed by Android Apps Lead to Scam Sites
- Finding Banking Trojans in Eastern Asia – Report From CeCOS VII
- How Mobile Malware Uses The Web
- (Lack of) Android Updates To Come Under FTC Scrutiny?

About Us

Trendlabs Security Intelligence > Brazil: Spam Changing A HOSTS File?

Aug14

Brazil: Spam Changing A HOSTS File?

2:04 am (UTC-7) | by Eduardo Godinho (Threats Analyst)

We have recently detected a new spam attack that attempts to grab the bank data of Brazilian users.

The mechanics of this attack are simple. Users receive this spam email:

The mail claims that the user has received an e-card, and contains a link to “read” the said card. Click on the related link, a file is downloaded and executed:

Apparently nothing happens, just an Internet Explorer is opened showing a related web card from this initial phishing. In the background, however, the HOSTS file is changed, and set to redirect certain Brazilian baking Web sites to a malicious web site. All information posted in any of the said pages will then be grabbed by the attacker.

This spam email is now blocked by the Smart Protection Network. In addition, the malicious file involved is now detected as TSPY_BANCOS.JCM, and the malicious Web site is also blocked.

Share this article

This entry was posted on Friday, August 14th, 2009 at 2:04 am and is filed under Malware, Spam . Both comments and pings are currently closed.

Kerr

Don’t suppose we could see a sample of that hosts file?
http://anti-virus-rants.blogspot.com kurt wismer

this is known as ‘pharming’.

1H 2009: Malware Threat Grows Ever Larger

August 2009 Patch Tuesday Addresses MS Vulnerabilities

Other Trend Micro blogs

CounterMeasures Blog

Cloud Security Blog

Consumerization Blog

Internet Safety for Kids & Families

Simply Security News

Trend Micro Blog [German]

TrendLabs Security Blog [Japan]

Cloud Security APAC

Trend Micro Free Tools

Threat Encyclopedia

Trend Micro Videos

Do you have a product-related question? Visit our eSupport website.

© Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice