    Part of malware authors’ tactics for spreading malware effectively is the use of sophisticated social engineering pitches, which usually reference a recent and, more often than not, tragic event such as Hurricane Katrina or the Kyrill storm. As most attacks are now targeted, they also write their pitches in the local language. Such is the case for this new malware, which takes advantage of a recent tragedy in Brazil.

    Yesterday, a Brazilian airliner (TAM) skidded off a runway at a Sao Paulo airport and crashed into a gas station and a TAM building, killing almost 200 passengers and employees. While the whole world mourns the loss of life, cyber criminals are not wasting any time in exploiting this tragedy to spread malware, steal information, and profit from it. Trend Micro detects this malware as TROJ_BANLOAD.CGL.

    According to initial analysis by TrendLabs Threat Analyst Jhoevine Capicio, this malware arrives via spammed email messages that contain news about the Brazilian tragedy and a link to a video. When users click on the link, they are directed to the following Web site and asked to run an EXE file (TROJ_BANLOAD.CGL), which in turn downloads spyware:

    This site appears to have been hacked by the malware author to host the Trojan. The spyware, on the other hand, connects to an FTP site where it uploads stolen information, mostly email addresses.

    This Trojan also downloads the spyware TSPY_BANKER.JHR from another Web site. This Banload variant is reminiscent of last month’s TROJ_BANLOAD.CZE, which also downloads another BANKER variant. Malware authors are still on the money trail.

    Users are advised to be wary of opening email messages they receive containing details about this recent tragedy.



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice