News: More Banking Scam Trojan Spam
There are more spam-trojan-banking scams around: these are emails that look like legit communications from your bank manager. Australia is the probable source of a new one discovered in the last 24 hours, according to MessageLabs, which at least looks plausible because it says your credit application has been rejected. (I know the feeling.)
If activated (in other words, if you click on the attachment) the trojan will try to download a further component from a free hosting website located in Russia. After activation, this trojan copies itself to the Windows System folder and installs a .DLL file, which enables the trojan to act as a proxy server; i.e. it allows someone to channel any Internet activities through the infected computer without the recipient’s knowledge. None of this is unusual, but I am not sure about this bit: the channel between the remote computer — the Russian one — and the infected computer is also encrypted. Sneaky.
Here’s an example of what it looks like:
From: “Account Manager” <firstname.lastname@example.org>
Subject: Re: Your credit application
Thank you for your online application for a Home Equity Loan. In order to be approved for any loan application we pull your Credit Profile and Chexsystems information, which didn’t satisfy our minimum needs. Consequently, we regret to say that we cannot approve you for Home Equity Loan at this time.*Attached are copy of your Credit Profile and Your Application that you submitted with us. Please take a close look at it, you will receive hard copy by mail withing [sic] next few days.
Attachment: www.citybankhomeloan.htm.pif (6,176 bytes) [NB: spelling of citybank vs. citibank]
You’ve been warned.
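An added example (not part of the original post or MessageLabs' analysis): a mail-gateway style check, in Python, for the double-extension trick the sample attachment uses (`.htm.pif`). The extension lists, function names and the inert sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (partial list, an assumption).
EXECUTABLE_EXTS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
# Harmless-looking extensions used as the decoy part of the name (assumption).
DECOY_EXTS = {".htm", ".html", ".txt", ".doc", ".pdf", ".jpg", ".gif", ".zip"}

def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for one attachment name."""
    name = filename.strip().rstrip(". ").lower()  # Windows ignores trailing dots/spaces
    stem, last = os.path.splitext(name)
    if last not in EXECUTABLE_EXTS:
        return "ok"
    _, inner = os.path.splitext(stem)
    return "double-extension" if inner in DECOY_EXTS else "executable"

def scan_message(raw_bytes):
    """Parse a raw message and return [(filename, verdict)] for risky attachments."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        verdict = classify_attachment(filename) if filename else "ok"
        if verdict != "ok":
            findings.append((filename, verdict))
    return findings

def build_sample():
    """Constructed sample modelled on the message quoted above; payloads are inert."""
    msg = EmailMessage()
    msg["From"] = '"Account Manager" <firstname.lastname@example.org>'
    msg["Subject"] = "Re: Your credit application"
    msg.set_content("Attached are copy of your Credit Profile ...")
    msg.add_attachment(b"inert placeholder, not malware",
                       maintype="application", subtype="octet-stream",
                       filename="www.citybankhomeloan.htm.pif")
    msg.add_attachment(b"inert placeholder", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    return msg

if __name__ == "__main__":
    print(scan_message(build_sample().as_bytes()))
```

Only the last extension decides how Windows opens the file, so the check keys on that and treats the inner `.htm` purely as a sign of disguise.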