by Dave Michmerhuizen & Luis Chapetti – Security Researchers
The spam honeypots at Barracuda Labs have detected the first of what we suspect will be a wave of spam that takes advantage of the curiosity surrounding the death of Osama Bin Laden. Not so long ago spam emails would have been the first to exploit such a current event. However, as we posted recently, Facebook now has that distinction.
The spam offers up some pretty gruesome photos:
The Portuguese text reveals that these spams target residents of Brazil. A rough translation says that the photos visible in the email are not real, (they are indeed fake) but that real photographs are available from the attached link.
Following the attached link leads the user to malware, not photos, as shown here:
This should certainly ring all sorts of alarm bells. Users do not “Run” photos; however, this file is a version of Trojan.Banload, downloader which installs additional malware. As shown below, it downloads another file, a variant of Trojan.PWS.Banker, that settles onto the user’s PC and intercepts online banking usernames and passwords.
Once the banking Trojan is successfully installed, a message is sent back to the malware authors:
There are similar families of malware optimized for stealing online banking credentials from American and European computer users, and appealing social engineering strategies for delivering them, Osama Bin Laden’s death being only one of many. Do not open or run email attachments.
Barracuda Networks customers using the Barracuda Spam & Virus Firewall are protected from these emails.