Spam Emails Impersonating Major Financial Institutions Spreading Upatre Downloader - Trend Micro

Researchers at security firm Trend Micro report that cybercriminals are distributing the infamous downloader 'Upatre' through spam emails purporting to come from world-renowned financial firms like Wells Fargo and Lloyds TSB.

According to Trend Micro, the hoax emails notify recipients of a new secure message and direct them to open the attached .msg file to view it.

The .msg file contains another .msg file, which conceals Upatre (TROY_UPATRE.YYKE). This nesting is probably used to ensure that the malware is not immediately detected by AV solutions.
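A mail-gateway triage check for the nesting described above, as an added example that is not from Trend Micro or the original article. It assumes the outer attachment is an Outlook .msg (an OLE compound file) and relies on the MS-OXMSG convention that an embedded message is stored under a storage named `__substg1.0_3701000D`; the function names, addresses and sample bytes are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # Compound File Binary signature
# Per MS-OXMSG, an attachment that is itself a message is stored in a storage
# named "__substg1.0_3701000D"; CFB directory entry names are UTF-16LE.
EMBEDDED_MSG = "__substg1.0_3701000D".encode("utf-16-le")


def nested_msg_attachments(raw: bytes) -> list:
    """Return names of .msg (OLE) parts that carry another message inside."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        # Heuristic byte scan: identifies the container by content, not by
        # file extension, then looks for the embedded-message storage name.
        if data.startswith(OLE_MAGIC) and EMBEDDED_MSG in data:
            hits.append(part.get_filename() or "<unnamed>")
    return hits


def _fake_msg(embedded: bool) -> bytes:
    """Constructed stand-in for a .msg: signature plus directory names only."""
    names = ["Root Entry", "__attach_version1.0_#00000000"]
    if embedded:
        names.append("__substg1.0_3701000D")
    body = b"".join(n.encode("utf-16-le").ljust(128, b"\x00") for n in names)
    return OLE_MAGIC + b"\x00" * 504 + body


def build_sample(embedded: bool) -> bytes:
    """Constructed test mail with one .msg attachment (hypothetical names)."""
    m = EmailMessage()
    m["From"] = "alerts@bank.example"
    m["To"] = "user@corp.example"
    m["Subject"] = "You have a new secure message"
    m.set_content("Open the attached file to read your message.")
    m.add_attachment(_fake_msg(embedded), maintype="application",
                     subtype="vnd.ms-outlook", filename="SecureMessage.msg")
    return m.as_bytes()


if __name__ == "__main__":
    print(nested_msg_attachments(build_sample(True)))
    print(nested_msg_attachments(build_sample(False)))
```

A hit is a reason to quarantine the mail or hand the attachment to a full .msg parser for recursive extraction; it is a triage signal, not a verdict on the payload.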

The malware begins downloading additional threats the moment it infects a device, experts from Trend Micro highlight.

The sample studied by Trend Micro downloads a Zeus Trojan variant, TSPY_ZBOT.YYKE, which in turn downloads a Necurs variant, RTKT_NECURS.RBC.

Interestingly, Necurs is designed to disable security features on compromised computers, leaving them open to additional infections.

Cyber crooks also used Upatre to distribute strains of ransomware like the notorious CryptoLocker.

UPATRE first arrived as an archived file attachment in spammed messages in October last year (2013), after the collapse of the infamous BHEK (Blackhole Exploit Kit). Trend Micro highlights that, when opened, it triggers an infection chain involving malware like ZBOT and CRILOCK.

A month later, cybercriminals raised the stakes by using password-protected archives as email attachments. The email includes the password and instructions on how to use the contents of the attachment. The use of passwords is highly important because it adds a sense of authenticity to the message.

Blog.trendmicro.com published a statement on 4th April, 2014, quoting a blog post on the abovementioned 'Upatre' by Marilyn Melliang, Senior Threat Research Engineer at Trend Micro: "Upatre's evolution is a testimony that threats will find fresh ways and methods to get through security solutions. Users should always be careful in dealing with unknown or unfamiliar emails, sites or files which could lead to threats. Users can protect their computers and data from threats by practicing safety steps such as using security solutions or double-checking of links and attachments".

» SPAMfighter News - 4/16/2014
