This fake email seems to be sent from the Computer crimes investigation unit of the Brazilian federal police department. It pretends to frighten users by accussing them of having accessed to ilegal websites from their computer and entices them to view the report by following a link. However, it is just another bait used by the cyber-crooks to install in our computers a worm related with banking entities.

This "police report" which we have called W32/Banbra.GDB.worm, initially works as if it were a Trojan downloader, allowing it to download the rest of the components of the worm.

The main feature of the worms is to spread themselves, but this malware is also designed to carry out more malicious actions. On the one hand, it downloads from different domains located in Brazil & United States the configuration files to create the spam messages that will be sent to other users, and on the other, it is activated when the user accesses the website of a certain Brazilian banking entity in order to obtain the access data to such bank.