South Korean Banking Clients Diverted onto Phishing Website via New Trojan; Trend Micro

Trend Micro the security company says that its researchers have stumbled upon one malware strain which diverts Internauts accessing many banks in South Korea for transactions onto certain phishing site, which dupes visitors into divulging their financial as well as other personal information.

The malware, a Trojan horse, accomplishes its malicious task by recreating HOSTS file of the infected computer followed with diverting users onto one Japan-situated Internet Protocol (IP) address.

The Trojan, according to Trend Micro, has been identified as TSPY_QHOST.QFB. Moreover, Trend Micro also identified another file within the malware batch that really altered HOSTS file and dubbed it BAT_QHOST.QFB. The security company outlines that other banker Trojans have been utilizing the above phishing method since many years.

Now, when a victim lands on the spoofed website, he's inquired a few queries regarding computer security and soon thereafter he's directed for acquiring one security certificate.

Here starts the trick. Unwitting end-users may become convinced that they require answering the queries put and so hit on the links. At first, they'd get taken onto another web-page, which would enquire to provide their name along with the registration number of their Korean residence-ship. Following this one more web-page would enquire for still further details (account number, user ID and password, account password, mobile phone-number as well as certificate password).

Threats Analyst Roddell Santos of Trend Micro remarked that the above kind of phishing websites exploited people's trustworthiness about their banks while extracting their private and financial details. They were tricked into believing that they were providing the details asked, on their banks' genuine websites, while such wasn't the case. The details actually landed into the attackers' grasp through the malware they created, Santos explained. Softpedia.com published this dated June 14, 2013.

Santos further explained that although the above tactic demonstrated an evolution with regards to the selected entities attacked, in the current instance the malware wasn't yet similarly sophisticated as those normally utilized in other instances. Further, there had been multiple instances lately when banking malware employing different techniques were observed to 'phish' data off Korean customers, he added. Blog.trendmicro.com published this dated June 14, 2013.

» SPAMfighter News - 6/24/2013