Tue, Nov 20 2007 16:06
Tabasco state/Banamex email lure banker trojan
Websense® Security Labs™ has discovered emails that claim to
solicit humanitarian support for flood victims in the state of Tabasco,
Mexico. If users click an embedded link, they are prompted to download
a banker Trojan horse, disguised as an HTML file. The file is displayed
with the blue Internet Explorer icon. When a user opens the file, the
Trojan horse modifies the hosts file to replace the legitimate Banamex
address with the IP address of a host controlled by the attacker.
If users attempt to go to the Banamex site, they receive no visual
indicators that they are not at a legitimate site. The phishing
toolbars that were tested did not detect this fake site as a fraud.
Neither the downloaded banker Trojan horse nor the subsequent
executable that it drops (win32.exe) is detected as malicious by any of
the 32 anti-virus products tested.
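A defensive check for the hosts file redirection described above, as an added example that is not part of the original alert: it parses a hosts file and reports every entry that pins a watched banking domain to an IP address. The domain `banamex.com`, the sample file contents and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: domain to watch; the alert names Banamex but not its hostname.
WATCHED_DOMAINS = ("banamex.com",)

# Constructed sample hosts file; 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
203.0.113.25    www.banamex.com  banamex.com   # constructed redirect
203.0.113.25    Login.Banamex.COM.
10.0.0.5        intranet.example.test
not-an-ip       www.banamex.com
"""

def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    name = hostname.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return (line_no, ip, hostname) for each entry overriding a watched domain.

    Any such entry is suspect: the hosts file is consulted before DNS, so the
    browser still shows the genuine name while connecting to the listed IP.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        ip, names = entry[0], entry[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                           # first field is not an IP address
        for name in names:
            if is_watched(name, watched):
                findings.append((line_no, ip, name.lower().rstrip(".")))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} pinned to {ip}")
```

On Windows the file to audit is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `audit_hosts` in place of the sample.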
Filed under: Alerts