Tragedy of Chilean Miners Exploited to Spread Malware

Panda Security's antimalware laboratory, PandaLabs, has discovered a new piece of malicious code named Banbra.GUC, which lures users with a YouTube video about the rescue of the miners trapped in a Chilean mine.

Banbra.GUC is the latest variant of the notorious Banbra group of banker Trojans, which was first detected in 2003 and was devised to steal user information when users visit certain malicious websites.

When the video file runs, the Internet Explorer browser opens and displays a YouTube video from a news channel about the rescue of the miners trapped in a Chilean mine a few days ago. However, this is only a trap.

While users are watching the video, the Trojan is installed on their computers and creates a copy of itself. It also creates a Windows Registry entry so that it runs automatically as soon as the computer starts. On startup, it connects to an FTP server and downloads various executable files, which are then saved on the computer.

These downloaded files include fake websites that duplicate the content and format of the authentic websites belonging to the affected services, e.g. many banks in Brazil, Hotmail and the social networking site 'Orkut'.

The affected banks in Brazil are Banco do Brasil, Banco Real, Banco Santander Brasil, Bradesco, Caixa Brasil, Itaú and Unibanco.

If an affected user visits any of these pages, Banbra.GUC starts downloading a few executable files that imitate the bank's page. As soon as users enter their login information, the executable stops and the users are redirected to the bank's original page. After this, the Trojan sends all the stolen details to its creator by email.

Luis Corrons, Technical Director of PandaLabs, reveals that this Trojan is particularly dangerous because apart from stealing the bank details, it downloads various malware controlled by the cyber-criminals, as reported by Help Net Security on 2nd September, 2010.

He also adds that users should be more careful, as this kind of Trojan is generally spread through emails or on social networking sites, containing links which seem to direct towards a YouTube video. In reality, the Trojan gets downloaded to the computer. Here, the Trojan plays the video to avoid any doubt.

» SPAMfighter News - 17-09-2010
