The Latest in IT Security

Phishing the night away

16 Sep 2011

Today I identified several phishing emails targeting the Royal Bank of Canada’s customers:

The above phish is the classic trick: it sends you to a fake banking site and has you type in your personal information (social engineering).

In contrast, the following phish aims at having you run a file (social engineering plus malware infection):

This Trojan is almost undetected by anti-virus software (VirusTotal 2/44) and yet performs some pretty nasty things. If you are interested in the full payload, here is a ThreatExpert report.

One of the interesting things it does is turn off Internet Explorer’s anti-phishing filter:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
EnabledV8 = 0x00000000
ShownServiceDownBalloon = 0x00000000

It also copies an executable (VirusTotal 4/44) to all connected shares (worm-like behaviour), using an Autorun.inf file to auto-launch it.
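Two of the host-side traces described above (the zeroed PhishingFilter values and an Autorun.inf dropped on a share) are easy to check for. The following triage script is an added example, not code from this post: it assumes the registry key was exported with `reg export` into .reg format, and both sample inputs are constructed, not captured from an infected host.

```python
import re
import configparser

# Constructed sample: a .reg export of the key named in the post after the
# Trojan has zeroed its values (not captured from a real host).
SAMPLE_REG_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PhishingFilter]
"EnabledV8"=dword:00000000
"ShownServiceDownBalloon"=dword:00000000
"""

# Constructed sample Autorun.inf of the kind dropped on a share to auto-launch
# a copied executable; "payload.exe" is a placeholder name.
SAMPLE_AUTORUN_INF = """[autorun]
open=payload.exe
shellexecute=payload.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
"""

PHISHING_FILTER_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter"
# Values the post shows being set to 0; a non-zero value means the filter is on.
WATCHED_VALUES = ("EnabledV8", "ShownServiceDownBalloon")


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: int}} for dword values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and current is not None:
            keys[current][m.group(1)] = int(m.group(2), 16)
    return keys


def phishing_filter_disabled(reg_text):
    """Return the watched PhishingFilter value names that are set to 0."""
    values = parse_reg_export(reg_text).get(PHISHING_FILTER_KEY, {})
    return [name for name in WATCHED_VALUES if values.get(name) == 0]


def autorun_launch_targets(inf_text):
    """Return the programs an Autorun.inf would launch (open= and shellexecute=)."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' is literal in .inf files
    cp.read_string(inf_text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    return [cp[section][k] for k in ("open", "shellexecute") if k in cp[section]]
```

Run the two functions over an export of the key and over the root of each mapped share; a non-empty result from either is the indicator the post describes.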

Following that, it will contact a remote server (dbdata-check.com @ 95.57.120.143) located in Kazakhstan at regular intervals:

Jerome Segura
