Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« 419er Invokes the International Monetary Fund | Main | More Twitter Invitation Malware Lures »

September 30, 2009

The "Banks Documents" Malware Ploy

It arrives as a simple message "from" an address you don't recognize (a forged address at the University of Maryland in the sample I saw):

Subject: Good day

Here are your banks documents.

Attached to the message is a file (body.zip in the latest one I've seen). To the unsuspecting recipient comes questions such as, "How did some stranger get hold of my bank documents?" and "What information is in there that the stranger could see?" Unzipping the file and double-clicking the resulting .scr file poisons an unprotected PC with the Mytob worm, essentially offering up the PC to control by crooks.

Fortunately, the copy of the file I saw was detected by over 90% of the VirusTotal tests. But unless you pass every attachment through VirusTotal before opening it, you never know what lies inside a piece of attached malware. Nor can you rely on even the most up-to-date antivirus software to protect you from a sneak attack.

Posted on September 30, 2009 at 08:54 AM