The Latest in IT Security

ForEx Stat Arb Malware disguised as PDF steals user data

20 Jun 2011

Statistical arbitrage (abbreviated as Stat Arb or StatArb), as opposed to deterministic arbitrage, is associated with the statistical mispricing of one or more assets based on the expected value of these assets. (So now you know.)

The attachment in the high-priority email below claims to be a plan for foreign exchange stat arb.

Once extracted, the attachment file named “Plan-2011-July.zip” reveals an executable file that pretends to be a PDF file (it presents a PDF icon). Disguising a file as a PDF is a common malware trick nowadays; users should be wary and should look at the complete file extension.
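The check below is an added example, not part of the original post: it triages a ZIP attachment at a mail gateway or on an analyst workstation by looking at each member's complete extension and its first two bytes, so an executable is flagged whatever icon or name it carries. The function names, the extension lists and the sample archive (built in memory with stub contents) are assumptions made for the illustration.

```python
import io
import zipfile

# Extensions Windows runs on double-click (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Document extensions commonly used as a decoy before the real extension.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names.
            base = info.filename.lower().rstrip(" .").rsplit("/", 1)[-1]
            exts = ["." + p for p in base.split(".")[1:]]
            with zf.open(info) as fh:
                magic = fh.read(2)
            reasons = []
            if magic == b"MZ":  # DOS/PE header, independent of the name
                reasons.append("PE/DOS header (MZ)")
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension " + exts[-1])
                if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
                    reasons.append("decoy double extension")
            if reasons:
                findings.append({"member": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive; the 'executables' are inert 64-byte stubs."""
    stub = b"MZ" + b"\x00" * 62
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("plan.exe", stub)                     # executable, PDF icon or not
        zf.writestr("notes.pdf", b"%PDF-1.4\n%%EOF\n")    # genuine PDF header
        zf.writestr("report.pdf.scr", stub)               # decoy double extension
        zf.writestr("renamed.pdf", stub)                  # executable renamed to .pdf
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding["member"], "->", "; ".join(finding["reasons"]))
```

Password-protected archives cannot be inspected this way; `zf.open` raises an error for encrypted members, and a gateway would normally quarantine those for manual review.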

When the file is executed, it will show a non-malicious PDF file in a fake PDF reader window. The PDF file itself is downloaded from “http://www.people.[REMOVED].edu/~schernen/papers/convertibles.pdf”.

The malware then does the following:

  • Captures all keystrokes and activities as users browse the internet
  • Saves the stolen information in the file “%My Documents%\Microsoft Updates\updates2.txt”
  • Sends the keylogger file via e-mail to “wade[REMOVED][email protected]”.
  • Creates a copy of itself as “%My Documents%\Microsoft Updates\Microsoft-updates.exe”
  • Creates this autorun Registry entry for automatic execution at startup: “HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”, “Microsoft Updates” = “%My Documents%\Microsoft Updates\Microsoft-updates.exe”

Command Antivirus detects this malware as W32/Trojan3.CPW.

On the subject of PDF malware, we should point out that Adobe has released security updates for Adobe Reader and Acrobat that address 13 vulnerabilities. See info here.

 
