Malware Tries Out Open Sesame Tactics

Message advertising a Strong Password Generator actually delivers a Trojan

“Choose a strong password! Not one for all, but one for EACH account that you have!” This is one of the oldest pieces of advice in the book of Internet wisdom (and, probably, by now, what your ma tells you once she’s made sure you DO eat an apple a day).

But cybercriminals have their own version of this nice book and, when it comes to password safety, it says: “Beat honest and least-effort-seeking users to it and go make a strong password generator”.

This story is a classic: users receive an unsolicited e-mail announcing the creation of this marvel of science that will help them keep all online accounts safe from any harm.

A direct link is provided, and recipients are advised to follow it to download the promised software. Once they click the link, they are redirected to a site hosting a fake application which infects their systems with malware.

Identified by Bitdefender as a variant of the Kazy Trojan, the application is a downloader protected with Enigma Protector that apparently downloads a .gif file (in fact, the .gif is an executable). The downloaded executable is saved as “iexplorer.exe” and started immediately.
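The following Python check is an added example, not code from the original post or from Bitdefender. It flags a download whose name carries an image extension but whose content parses as a Windows PE executable, the mismatch described above; all file names and byte strings in it are constructed samples.

```python
import struct

GIF_MAGICS = (b"GIF87a", b"GIF89a")
IMAGE_EXTENSIONS = {"gif", "jpg", "jpeg", "png", "bmp"}

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring any file name."""
    if data[:6] in GIF_MAGICS:
        return "gif"
    if is_pe(data):
        return "pe"
    return "unknown"

def disguised_executable(name: str, data: bytes) -> bool:
    """Flag a download whose name claims an image but whose body is a PE file."""
    claims_image = name.lower().rsplit(".", 1)[-1] in IMAGE_EXTENSIONS
    return claims_image and sniff(data) == "pe"

def make_pe_stub() -> bytes:
    """Constructed sample: minimal DOS header plus PE signature, not real malware."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows DOS header
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed downloads (name, body); none of these come from the original post.
SAMPLES = [
    ("banner.gif", b"GIF89a" + bytes(32)),  # genuine GIF header
    ("update.gif", make_pe_stub()),         # executable served as .gif
    ("setup.exe", make_pe_stub()),          # honest executable, not flagged here
    ("notes.gif", b"MZ" + bytes(10)),       # too short to be a PE, not flagged
]

def scan(samples):
    """Return the names of samples whose extension and content disagree."""
    return [name for name, body in samples if disguised_executable(name, body)]

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print(f"ALERT: {name} has an image extension but PE content")
```
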

The downloaded file is a banker, also protected with Enigma Protector. It saves itself under the name of an anti-virus file (e.g., avg.exe, nod32.exe, etc.).

It drops online banking lookalikes designed to dupe the customers of various banks – Banco do Brasil, Internet Banking Caixa, Bradesco Internet Banking, Itau – and to steal the corresponding login credentials. At the same time, it starts deleting different files that are part of various AVs and anti-fraud solutions.

In order to stay safe, Bitdefender recommends you never open files without checking them for malware, and that you install and update a complete internet security solution.

About the author

Sabina DATCU

Sabina Datcu, PhD, has background training in Applied Informatics and Statistics, Biology and Foreign Languages and Literatures. In 2003 she obtained a master's degree in Systems Ecology and in 2009 a PhD degree in Applied Informatics and Statistics.
Since 2001, she has been involved in University of Bucharest's FP5 and FP6 European projects, as a researcher in the Information and Knowledge Management field.

In 2009, she joined the E-Threat Analysis and Communication Team at BitDefender as a technology writer and researcher, and started to write a wide range of IT&C security-related content, from malware, spam and phishing alerts to technical whitepapers and press releases.