Fabio Assolini Says Sneaky Phishing Attack in Brazil May Cross Over to US Soon
A cleverly written phishing email is currently circulating in Brazil, and Fabio Assolini, Senior Security Researcher at Kaspersky Lab, suggests this sneaky scam will probably cross over to the US before long, scmagazine.com reported on November 7, 2013.
According to Assolini, the email, written in Portuguese, contains an attached file, "Comprovante_Internet_Banking.rtf," which in English means 'Receipt from Internet Banking'.
Users who open the attachment are shown a document that can be opened in MS Word and holds a small picture of a receipt together with a note telling recipients to double-click the picture to view it at a larger size.
Double-clicking the picture shows a message prompting users to open a .CPL (Windows Control Panel item) file; opening it executes malicious software that asks for banking and payment credentials.
The .CPL file embedded within the RTF (Rich Text Format) file is a well-known Brazilian Trojan banker written in Delphi and related to Trojan.Win32.ChePro; if executed, it drops numerous files onto the machine to carry out the infection. In a blog post published on Securelist.com on 5th November, 2013, Assolini wrote: 'Embedding maligned files into RTF or DOC files lets cyber crooks bypass email filtering by extensions or kinds; it also permits them to rupture the AV (anti-virus) recognition by signatures.'
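A defender-side illustration of the point above, added here and not taken from Kaspersky's post or any product: since filtering on the attachment's .rtf extension misses what is embedded, this Python example decodes each \objdata group in an RTF file and reports embedded names that carry executable extensions. The extension list, the function names and the simplified sample object are assumptions constructed for the example.

```python
import re

# Extensions worth flagging when they appear inside an embedded object (assumed list).
RISKY_EXT = (b".cpl", b".exe", b".scr", b".pif", b".bat", b".cmd", b".vbs", b".js")

# RTF stores embedded OLE objects as hex text after the \objdata control word.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# Printable ASCII runs terminated by NUL: how an OLE "Package" stores label and paths.
STRING_RE = re.compile(rb"([\x20-\x7e]{4,})\x00")


def scan_rtf(data: bytes) -> list[str]:
    """Return embedded names with risky extensions found in \\objdata groups."""
    hits = []
    for m in OBJDATA_RE.finditer(data):
        digits = re.sub(rb"\s+", b"", m.group(1))        # hex is wrapped across lines
        digits = digits[: len(digits) & ~1]              # drop a dangling nibble
        blob = bytes.fromhex(digits.decode("ascii"))
        for s in STRING_RE.findall(blob):
            if s.lower().endswith(RISKY_EXT):
                hits.append(s.decode("ascii"))
    return hits


def sample_rtf(name: bytes) -> bytes:
    """Constructed sample: RTF holding one simplified OLE Package with placeholder data."""
    pkg = (b"\x02\x00" + name + b"\x00" + b"C:\\tmp\\" + name + b"\x00"
           + b"\x00\x00\x03\x00" + b"PLACEHOLDER")
    ole1 = (b"\x01\x05\x00\x00\x02\x00\x00\x00\x08\x00\x00\x00Package\x00"
            + b"\x00" * 8 + len(pkg).to_bytes(4, "little") + pkg)
    hexed = ole1.hex().encode()
    body = b"\n".join(hexed[i:i + 64] for i in range(0, len(hexed), 64))
    return (b"{\\rtf1 {\\object\\objemb{\\*\\objclass Package}"
            b"{\\*\\objdata " + body + b"}}}")


if __name__ == "__main__":
    # The attachment's own extension is .rtf; the scan reports what is inside it.
    for embedded in (b"recibo_exemplo.cpl", b"foto.jpg"):   # constructed names
        print(embedded.decode(), "->", scan_rtf(sample_rtf(embedded)))
```

A mail gateway or triage script could quarantine any RTF or DOC attachment for which such a scan returns a non-empty list, rather than trusting the outer file extension.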
On 7th November, 2013, Scmagazine.com quoted Dmitry Bestuzhev, Head of the Global Research and Analysis Team of Kaspersky Lab, commenting on the same attacks: "I am positive that the phishing attack will traverse to the US."
Bestuzhev said: "We are certain it will, but currently the range of the assault will be restricted to the Portuguese-speaking localities only. Maybe in advance, if Brazilian cyber crooks decide to attack US banks, they may confine these assaults for the English-language people too."
Moreover, this is not the first time this year (2013) that malicious files have hit Brazilian computer users: in March 2013, a total of 11 unique malware files, many of them disguised as updates for Adobe products, were spotted on two Brazilian government websites by security firm Trend Micro.
» SPAMfighter News - 13-11-2013