Spam Emails Impersonating Major Financial Institutions Spreading Upatre Downloader - Trend Micro
Security researchers at Trend Micro report that cybercriminals are distributing the infamous Upatre downloader through spam emails purporting to come from major financial institutions such as Wells Fargo and Lloyds TSB.
The hoax emails tell recipients that a new secure message is waiting for them and direct them to open the attached .msg file to read it.
That .msg file contains a second .msg file, which in turn carries Upatre (detected as TROJ_UPATRE.YYKE). Nesting the payload two levels deep is presumably meant to delay detection by antivirus solutions, which may scan only the outermost attachment and never unpack the inner one.
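The nested-attachment trick above is easy to miss if a gateway only lists direct attachments. The following is an added example, not code from Trend Micro or SPAMfighter: it builds a lure with an attachment-in-attachment-in-attachment layout and then walks every nesting level looking for an executable. It uses RFC 822 message/rfc822 nesting as a stdlib-only stand-in for Outlook .msg files (the .msg file names, the sender address and the dummy "MZ" payload are all constructed assumptions for the demo, not real samples).

```python
"""Detect executables hidden inside nested message attachments.

Added example (not Trend Micro's or SPAMfighter's code). RFC 822
message/rfc822 nesting stands in for the Outlook .msg-in-.msg trick;
the sample mail, file names and payload bytes are constructed here and
are not real malware.
"""
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

PE_MAGIC = b"MZ"  # DOS/PE header every Windows executable starts with
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".cpl")


def build_sample_lure() -> bytes:
    """Construct: outer mail -> .msg attachment -> .msg attachment -> executable."""
    inner = EmailMessage()
    inner["Subject"] = "Secure message"
    inner.set_content("Open the attached file to read your secure message.")
    # Constructed dummy payload: PE magic plus padding (assumption for the demo).
    inner.add_attachment(PE_MAGIC + b"\x00" * 64, maintype="application",
                         subtype="octet-stream", filename="SecureMessage.exe")

    middle = EmailMessage()
    middle["Subject"] = "Secure message"
    middle.set_content("Your secure message is attached.")
    middle.add_attachment(inner, filename="SecureMessage.msg")

    outer = EmailMessage()
    outer["From"] = "secure-message@bank.example"  # constructed sender
    outer["To"] = "victim@example.net"
    outer["Subject"] = "You have a new secure message"
    outer.set_content("Open the attached .msg file to view your secure message.")
    outer.add_attachment(middle, filename="SecureMessage.msg")
    return bytes(outer)


def top_level_attachment_names(raw: bytes) -> list:
    """What a gateway that inspects only direct attachments sees: just a .msg."""
    msg = message_from_bytes(raw, policy=default)
    return [part.get_filename() for part in msg.iter_attachments()]


def find_nested_executables(raw: bytes) -> list:
    """Recurse through every message-in-message level and flag executables.

    A part is flagged if its file name has an executable extension or its
    decoded bytes start with the PE magic, so renaming the file is not enough.
    """
    findings = []

    def visit(msg, chain):
        for part in msg.iter_attachments():
            name = part.get_filename() or "<unnamed>"
            path = chain + [name]
            if part.get_content_type() == "message/rfc822":
                # The attachment is itself a message: descend, keeping the chain.
                for nested in part.get_payload():
                    visit(nested, path)
                continue
            data = part.get_payload(decode=True) or b""
            by_name = name.lower().endswith(EXEC_EXTENSIONS)
            by_magic = data.startswith(PE_MAGIC)
            if by_name or by_magic:
                findings.append({"path": "/".join(path), "depth": len(path),
                                 "by_name": by_name, "by_magic": by_magic})

    visit(message_from_bytes(raw, policy=default), [])
    return findings


if __name__ == "__main__":
    raw = build_sample_lure()
    print("top-level view:", top_level_attachment_names(raw))
    for hit in find_nested_executables(raw):
        print("flagged:", hit)
```

The top-level view shows only a harmless-looking `SecureMessage.msg`; the recursive walk reports the executable three levels down, with the full chain of container names, which is the field a detection rule or quarantine log should carry.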
Once it runs, Upatre immediately begins downloading additional malware, Trend Micro's researchers note.
The sample Trend Micro analyzed downloads a ZeuS Trojan variant, TSPY_ZBOT.YYKE, which in turn downloads a Necurs rootkit variant, RTKT_NECURS.RBC.
Notably, Necurs is designed to disable security features on the compromised computer, leaving it open to further infections.
Cybercriminals have also used Upatre to distribute ransomware, including the notorious CryptoLocker.
Upatre first appeared in October 2013 as an archived file attachment to spam messages, filling the gap left by the collapse of the infamous Blackhole Exploit Kit (BHEK). When opened, Trend Micro notes, it triggers an infection chain involving malware such as ZBOT and CRILOCK (CryptoLocker).
A month later, cybercriminals upped the ante by switching to password-protected archives as attachments, with the password and instructions for opening the archive included in the email body. The password lends the message an air of authenticity; it also means that mail gateways and antivirus scanners cannot open the archive to inspect its contents.
In a post on blog.trendmicro.com dated 4th April, 2014, Marilyn Melliang, Senior Threat Research Engineer at Trend Micro, commented on Upatre: "Upatre's evolution is a testimony that threats will find fresh ways and methods to get through security solutions. Users should always be careful in dealing with unknown or unfamiliar emails, sites or files, which could lead to threats. Users can protect their computers and data from threats by practicing safety steps such as using security solutions or double-checking links and attachments."
» SPAMfighter News - 16-04-2014