    The Web site of the Ministry of Finance in Brazil, Ministerio da Fazenda, has become the new target of the bad guys. The Trend Micro Content Security Team found a phishing email that purports to be a legitimate email coming from the said financial institution.

    It asks recipients to confirm their income tax return that has not been delivered. Recipients are told to confirm by clicking the hyperlinked message, which leads to the URL hxxp:// However, instead of displaying an ordinary phishing Web site, it downloads a malicious executable file.

    The said file is already detected by Trend Micro as POSSIBLE_BANLD-1, while the malicious URL has already been added to the database and will be blocked by WCS.

    – Update: March 27, 2008 –

    TrendLabs engineers further analyzed the malicious site and found various malware hosted on it, including the following:

    • w.exe – detected as TSPY_AGENT.ALKZ
      (Note: The original file downloaded from the link is already detected as PE_PARITE.A)
    • formulario.exe – detected as TROJ_BANLOAD.CRZ
    • onnas.exe – detected as TSPY_BANCOS.AUE

    The file usersonline.txt, on the other hand, is a non-malicious file that contains IP addresses and ports which, based on analysis, are currently not available. Jose Lopez Tello, Trend Micro Virus Coordinator in Latin America, notes that it is not certain whether the IP addresses contained in the mentioned text file are from online users or just a fake list, but what is interesting is that all of the IPs are located in Brazil.
