Advertisement
Panda Security
OXYGEN 3, E-bulletin on IT security

"Believe those who are seeking the truth. Doubt those who find it"

André Paul Guillaume Gide (1869 - 1951) , French writer
(November 22 1869, Andre Guide was born)

 

Three malware types in a single strain

PandaLabs, Panda Security's laboratory for detecting and analyzing malware, has warned about the appearance of a fake email message from Brazil's Federal Police being used to spread Banbra.GDB. This new malware strain has characteristics of thee different types of malicious code: downloader Trojans, banker Trojans and spammer worms.

The fake message warns the victim that there is an investigation under way about why their IP address has been used for illegal activities. The message body also includes a link for more information about this investigation. If the user clicks the link, they will be taken to a website where they are encouraged to download a file. However, by downloading and running the file they will actually be letting malware into their computers.

The file is called "RELATORIO10937642008.exe" and downloads the "Navegador.exe" downloader Trojan into the system. This malicious code, in turn, drops the spammer worm and the banker Trojan into the computer.

All these items are then used to steal the email addresses of the infected user's contacts in order to send them an email message on friendship and subjects like:

  • os verdadeiros amigos deixam impressões... (True friends leave an impression...)
  • Amigo é coisa pra se guardar no peito!!! (Friends must be kept close to your heart)
  • O melhor espelho é um velho amigo... (The best mirror is a good friend)

    • "The reason for using an email on friendship instead of the fake message from the Federal Police is because the message will display the infected user's email address as the sender. So, people will receive an email from somebody they know on such an innocent-looking subject as friendship. They will most likely follow the link on the message, which will take them to a web page with an infected download. In this case, however, the page is not related to the Federal Police", explains Luis Corrons, Technical Director of PandaLabs.

    The malicious file distributed in these 'friendship' emails is the same one that was distributed in the first message. Consequently, the same actions will take place on the affected computers: downloading of other malicious files, theft of email addresses and sending of malicious messages to them, etc.

    For more information about this malware strain, go to the PandaLabs blog: http://pandalabs.pandasecurity.com/archive/Fake-Email-of-the-Federal-Police-of-Brazil-_2800_-Computer-crimes-investigation-unit-_2900_.aspx

    You can receive the Panda Security news automatically by adding this URL (http://feeds.feedburner.com/PandaSecurity) to your feed reader.

    For up-to-date computer security news go to the Panda Security Twitter.
    www.pandasecurity.com
     
    Panda protect your privacity.
    To unsubscribe from Oxygen3, please click here.    		 © Panda 2008