Bank Customers in Spain Subjected to Fresh E-Mail Assault

Security firm Trend Micro warns that one fresh e-mail scam laced with malware is presently attacking people with accounts in Spanish banks.

Apparently arriving from the National Police of Spain, the e-mails have a web-link leading onto one Trojan downloader that if executed loads a banker malware, which Trend Micro detected as TSPY_BANCOS.QSPN.

Interestingly, the e-mail attack involves legitimate websites hosting the central command-and-control (C&C) servers after the Internet sites have been hijacked.

Moreover, perpetrators of the scam litter the hijacked websites with special directories and implant malevolent codes on them. There's also a single domain from where all the compromised URLs are downloaded.

Security researchers remark that codes harbored on the said command-and-control domains transmit data the Trojan gathers onto a remotely controlled key server. Consequently, the assault becomes far more flexible, while it assists in effectively hiding the perpetrators of the same.

Essentially, an important task of the Trojan is to watch for browser requests that seek to access several financial institutions' websites like those of Bankinter, Banco Popular, Caixa, Cajasol and Western Union.

In case accessed, the TSPY_BANCOS.QSPN once again crafts a bogus web-page that executes phishing. Consequently, when a contaminated user attempts at going to one of the aforementioned real sites, the Trojan superimposes the bogus page onto that website. Further, it tries acquiring the user's card signature/code.

Notably, the bogus page seemingly appears official, yet it's really one complete image where the surfer can only click on the log-in part. And after he feeds each of the required detail, they entirely get transmitted to one extremely secret e-mail id, thanks to the Trojan, with the details ultimately landing into the grip of online-crooks.

Conclusively, Trend Micro states that though the assault in question may look like it's focused in Spain, users everywhere else too require being watchful and wary of these kinds of scams. Similar assaults along with other e-threats likely are approaching fields such as well-known social networks, web searches, or mailboxes. Nothing can be said as to who'd be victimized next. Therefore users must always be wary -an even more effective strategy compared to technical solutions.

Related article: Bank Issues Spam Alerts

» SPAMfighter News - 8/1/2011