Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    July 2014
    S M T W T F S
    « Jun    
     12345
    6789101112
    13141516171819
    20212223242526
    2728293031  
  • About Us

    Trend Micro fraud analysts recently came across spammed messages targeting customers of the Fifth Third Bank. The messages urged recipients to log in to a temporary link, http://www.53.com.{BLOCKED}.com.pl/wpserver/cmportal/cblogin.php?session=667882698791972326077742654898739&email=p2t2all@tacobell.com, in order to download and install a digital certificate that would supposedly reinforce the bank’s security. Clicking the link, however, led users to a phishing page that prompts them to key in their user names and passwords. This, as you all probably know by now, is a typical tactic to trick users into giving out their personal credentials, which can then be used for further malicious activities or sold in underground forums.

    Click for larger view Click for larger view

    After signing in, users will see a prompt to download the said digital certificate, certificate.exe, which is actually a malicious file Trend Micro has detected as TSPY_ZBOT.SMAP, which is capable of stealing personal credentials via keylogging. The stolen data, mostly banking-related information, are then sent to a couple of URLs via HTTP POST. It also has the capability to stop firewall-related processes to mask its malicious activities.

    Click for larger view Click for larger view

    Trend Micro™ Smart Protection Network™ already protects users from this attack by detecting and blocking the spammed messages, access to the malicious sites, and the download of the malicious file.

    As additional precaution, however, users are advised to be wary of clicking links in suspicious-looking messages, particularly those that come from unknown senders.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice