Online Attacks Target Spanish Computer Users

Internet users in Spain have been hit by a wave of malicious attacks that try to gain access to their online banking information. Andrew Brandt, Senior Security Researcher at Webroot (an IT security vendor), said that the attack mainly targeted to install the Trojan-Backdoor-Zbot password malware on the Spaniards computers, as reported by infosecurity on June 23, 2010.

He also said that it also pointed towards the resurgence of attacks recorded throughout 2009 when hackers tried to convince innocent online users in various countries to install Zbot installers. These installers were hidden as transaction guide records and other critical financial documents.

The scammers have created a fake "Banco de España (BdE)" Website. The webpage was specifically designed in such a way that it closely resembled to the Spanish Central Bank website that seemed almost replica of the earlier bogus bank page used to propagate Zbot on the victims' computers.

The bogus Banco de España web page was hosted on a server located in Russia. It followed the same technique as many other Zbot campaigns followed.

As per the reports, the victim was provoked to install and open a file that contains financial statement. This malicious file described itself as "declaracion.exe," but in reality, it was the Zbot installer.

After the spreading of infection on computer and the installation of a keylogger from a web domain locate in Russia, the hackers wait for a victim to enter his/her internet bank accounts or other websites.

As in the case of previous Zbot bogus page campaigns, the website doesn't depend on the victim for downloading the Zbot installer. The users' computers could be infected by just visiting the bogus web page.

Brandt further notified that this was not the first time when this type of attacks came into notice. Earlier, this type of campaigns primarily targeted people in North America by masquerading the websites of The Bank of America, Visa, the American Bankers Association, the FDIC, NACHA, the IRS, as well as iTunes, Amazon.com, MySpace, Facebook, AOL, the Centers for Disease Control and Prevention, etc.

Related article: Online Card Fraud Shows Greater Tendency Than Chip and Pin

» SPAMfighter News - 7/2/2010