    Financial crisis or no financial crisis, banks have long been a standard social engineering lure. However, as floundering financial institutions take center stage in the public’s consciousness, users may become more susceptible to banking-related ploys.

    Less than a week ago, TrendLabs reported on a scheme targeting Wachovia, the fourth-largest banking chain in the US. This time, an almost identical plot has been set up using Merrill Lynch as bait. The storied firm has received a sizable amount of media attention lately due to its high-profile bailout by the Bank of America.

    The spam email message may appear as such:

    Figure 1. Fake Merrill Lynch spam

    While those watching for social engineering may expect a frenzied appeal to shore up security in the face of the financial crisis, this scheme actually comes off as cool and collected.

    Trend Micro Advanced Threats Researcher Ivan Macalintal notes the use of very long, legitimate-looking URLs in the hyperlinks of the spammed email messages. “[We] haven’t seen this for quite some time. [It] looks legit in a way but [then], you have to dig deeper,” Ivan says.

    Clicking on the links results in the download of malware detected as BKDR_AGENT.AWAF. It compromises system security, possibly allowing a remote user to issue commands on the affected system. It also drops TROJ_ROOTKIT.FX, which has rootkit capabilities used to hide malicious files and processes to ensure memory residency. One may remember TROJ_ROOTKIT.FX as the same malware found in the recent Wachovia spam, suggesting that this is possibly the work of the same malware author.
