Home / mailingsPDF  

WSLabs, Malicious Website / Malicious Code: Halloween Deception: Information Stealing Trojan

Posted on 30 October 2007
Websense Security Lab

Websense® Security Labs(TM) has discovered a new Trojan Horse information stealer that is being emailed out as a Halloween Greeting Card in Mexico.

To date we have seen four unique sites being spammed out all with the same binary file. They were in Korea, Brazil, and Russia, and were all up and running at the time of this alert. The file is called "hallowenDay.exe" and has an MD5 of (65cd5a35bc70075f86cb6404f54d67b8). It is also poorly detected by anti-virus signatures.

Assuming users access the site and select to run the file a Trojan Horse is downloaded onto their machine which is designed to steal banking information from users, the file appears to also be packed with a unique custom packer.

We expect to see additional email lures and malicious websites on our radar with Halloween night quickly approaching. The email is written in HTML and has a variety of subject lines.

Email screenshot available within full alert.


For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=813

 

TOP