Yesterday, a Brazilian airliner (TAM) skidded off a runway at a Sao Paulo airport and crashed into a gas station and a TAM building, killing almost 200 passengers and employees.
While the whole world mourns for the loss of lives, cyber criminals are not wasting any time in exploiting this tragedy to spread malware, steal information and gain profit from it. Trend Micro detects this malware as TROJ_BANLOAD.CGL.
According to initial analysis by TrendLabs Threat Analyst Jhoevine Capicio, this malware arrives via spammed email messages that contain news about the said Brazilian tragedy and a link to a video. When users click on the link, they are directed to the following Web site and asked to run an EXE file (TROJ_BANLOAD.CGL), which in turn downloads a spyware:
This site appears to have been hacked by the malware author to host the Trojan. The spyware, on the other hand, connects to an FTP site where it uploads stolen information, mostly email addresses.
This Trojan also downloads the spyware TSPY_BANKER.JHR from another Web site. This Banload variant is reminiscent of last month’s TROJ_BANLOAD.CZE, which also downloads another BANKER variant. Malware authors are still on the money trail.
Users are advised to be wary of opening email messages they receive containing details about this recent tragedy.
Source: TrendMicro