Posts Categorized: Trojans


Keylogger Poses as Document from Spain’s Central Bank

by

An attempt to push down the Trojan-Backdoor-Zbot password thief to Spaniards may signal a new wave of attacks by a crew of attackers who spent the better part of 2009 trying to convince gullible Internet users in different countries to download and execute Zbot installers poorly disguised as transaction records or other important financial documents. A bogus Banco de España (BdE) Web site came and went quickly last week, but not before we took a deep dive and came up with a mouthful of malware. Believe me, it tasted terrible. The page, designed to mimic closely the appearance of the […]

Continue Reading »

Facebook “Photo Album” Spam Drops Trojans

by

A spammed link campaign that spread through Facebook rapidly over the weekend delivered a malicious payload designed to take control of the Facebook account of any infected user, steal passwords, and hijack clicks in the victim’s browser. The messages appear as links sent by a friend, accompanied by the brain-damaged text “You? I find it on Google.” Clicking the link directs recipients to a page on online-photo-albums.org which, at the time, pointed to malware hosted on a server (now offline) based in Bosnia and Herzegovina. This installer drops no fewer than six payloads, including the “clickjacker” Trojan-Bamital, which redirects the […]

Continue Reading »

Phisher Puts Antiphishing Tool in the Crosshairs

by

A small-time Trojan has decided to butt heads with a big-time anti-phishing tool, and ended up with dirt on its face. The malware looks like a fairly generic clone of Trojan-Phisher-SABanks, with an extra feature that sounds like it might be a good selling point for cheap cybercrooks intent on stealing a few bank passwords for fun and profit. The trojan attempts to disable or delete parts of Trusteer’s Rapport anti-phishing software. And fails, miserably. One version of the Trojan drops, then executes, a batch file that attempts to delete the main application. Another drops a batch which targets a […]

Continue Reading »

Trojan Masquerades as iTunes Gift or Résumé

by

If you received one or more email messages over the past week that claim to contain an attached gift certificate for the Apple iTunes store or an unsolicited résumé, you probably received the latest scam involving the Tacticlol downloader. The iTunes-themed spam messages use the forged return address of gifts.certificate@itunes.com and read, in part, You have received an iTunes Gift Certificate in the amount of $50.00. You can find your certificate code in the attachment below. The resume messages simply say Please review my CV, Thank you! — using the abbreviation for Curriculum Vitae, the British analogue to the word […]

Continue Reading »

This PC Will Self-Destruct in Ten Seconds

by

Phishing Trojans that try to remain below the radar are still prevalent, but a number of files coming through Threat Research point to a disturbing trend: Several new variants of existing malware families are taking a scorched earth approach to infected computers, rendering the PC unbootable (just check out the batch file at left for just one egregious example) once the malware has retrieved whatever data it’s trying to steal, or deliberately crashing it, repeatedly, if you try to remove it. Since the middle of last year, we’ve seen a sprinkling of malware that also wipes out key files on […]

Continue Reading »

8 Tips for Filing Taxes Online Safely

by

By Mike Kronenberg Getting ready to file your taxes online — and doing it at the last minute? Well, cyber-scammers are ready for you. Thieves are schemers, and they’ve got a bag full of tricks to steal your identity. You might even be doing things to make their job easier. And if you use a PC at work to do your return,  identity theft could be as simple as a crook (or an unscrupulous coworker) digging around and finding sensitive files. One might send you an e-mail that offers a quick refund — or a warning about a problem with […]

Continue Reading »

Play it Safe on Safer Internet Day

by

February 9 marks Safer Internet Day, and around the world, people are trying to help their fellow netizens navigate an obstacle course of threats to their security and privacy. InSafe, the organization funded by the EU that sponsors the annual youth-targeted event, has themed the day around the concept “Think B4 U post.” As grammatically sloppy as that sounds, it’s actually good advice. Readers of this blog shouldn’t be surprised that myriad dangers threaten the safety of all Internet users: Keylogging software disguised as “updates” are everywhere; Fake security alerts pop up when you least expect them; Phishing Web pages […]

Continue Reading »

Zbot Fakes ABA Banking Site, Seeks a Stimulus Package

by

As the reign of nuisance by Trojan-Backdoor-Zbot continues, the latest scam invites victims to review a “transaction report” on a page supposedly on the Web site of the American Bankers Association, or ABA. (I wouldn’t want to call it a reign of terror; that might give the Zbot authors an inflated sense of their own importance. Zbot is like a wasp buzzing around the picnic table, and deserves a good, sharp smack, preferably with a shoe.) The “report” is, of course, an installer for this Trojan. The scam is virtually identical to ones we’ve seen where the scammer sets up […]

Continue Reading »

Visa Targeted (Again) by Zbot Phishers

by

The gang of malware distributors who are currently flooding the Internet with bogus Facebook “Update Tool,” CDC “H1N1 Flu Vaccination Profile,” and IRS “Tax Statement” emails and Web pages are at it again — this time, targeting Visa with a fake email alert that leads to a page hosting not only a Trojan-Backdoor-Zbot installer, but that performs a drive-by download as well. This is the second time in less than a month that malware distributors have targeted Visa; Just before Thanksgiving, we saw a similar scam involving links to bunk Verified By Visa Web pages. I’d say it’s ironic that […]

Continue Reading »

Bogus “New Moon” Torrents Lead to Malware

by

A week since the file-sharing clearinghouse Mininova changed its business model and deleted links to copyrighted material being shared over the peer-to-peer Bittorrent network, malware distributors continue to exploit the confusion as people who download movies, TV shows, and other shared files seek out new sources for those files. As a torrent search engine, Mininova had to deal with a significant number of malicious torrents posted to their site each day. The service had a reputation for rapidly deleting torrents which led to Trojaned applications, or maliciously crafted media files that lead file-sharing enthusiasts into infections. But in the ensuing […]

Continue Reading »