Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro

While checking the spam emails I received today, my attention was drawn to one claiming that users can get $2400 by downloading a casino application:

    Once you click on the link hxxp://bearte.net.cn, you are sent to this Web page:

This Web page asks you to download a file named InstallCasinoV2.exe. The file is already under analysis; more updates to follow.

    But this is not what I really want to talk about here. This casino story made me think about pay-per-install programs and I decided to look for those programs with a simple search as follows:

    As you can see, I couldn’t have made it any simpler.

    Here is the result displayed:

    The second link here is interesting: “Get Paid to Read Email”. I thought, why not, so I clicked on this link and this is what it led to:

    This page looked every bit normal, and I started to browse and check the links on the left. So I just clicked on the link “MyPaidEmails”. It proved to be the beginning of a huge infection chain.

Once the following page is loaded, you lose control of your computer, which becomes too busy loading iframes, scripts and malware:

You can see the number of malicious processes loaded in memory in the screenshot of the machine’s Task Manager above, and this is only the beginning of the infection. All the files gathered are already under analysis, and the URLs involved have been added for Web Threat Protection (WTP) blocking. The malicious files are detected as the following:

    • TROJ_DLOADER.BG
    • TROJ_DLOADER.CO
    • TROJ_NUWAR.KE
    • TROJ_PROXY.KN
    • TROJ_DLOADER.DJA
    • TROJ_DLOADER.DJH
    • TROJ_PAKES.XH
    • TSPY_LDPINCH.AJW
    • TSPY_LDPINCH.AOL
    • HTML_AGENT.HDF
    • HTML_AGENT.HFA
    • HTML_AGENT.HDU
    • HTML_AGENT.HEC
    • HTML_AGENT.HEL
    • HTML_AGENT.HFB
    • HTML_AGENT.HFC


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice