
After Summer Malware Campaign Gets Users Infected

Malware attached to spam messages collects names and addresses for future spam crusades

Summertime and vacation plans may appear to be all bliss, but don’t forget about your safety, as danger takes the least expected and most harmless-looking forms.

This is a game where everybody loses except for the crook: the paying customers lose money, and the impersonated or piggybacked companies lose credibility and customers, which, in the end, translates into lost money as well.

A recent and aggressive summer lure that threatens the budget of all vacation goers is the so-called “refund” spam message. The user receives an e-mail, supposedly from the hotel he has stayed in or is about to stay in, informing him that there has been a problem with the money transaction between the hotel and the customer's bank. The user is asked to fill in an attached form that proves to be a downloader. The names of high-class hotels such as Marriott, Campton or Sheraton appeared in some of the titles of the spam e-mails to add to the credibility of their content.

The Trojan (identified by Bitdefender as Trojan.Generic.KD.301243) targets a variety of applications such as instant messengers, FTP clients and web browsers. It steals mainly e-mail passwords and FTP log-in data of prominent providers such as Gmail, OneCare, Live Messenger, FTP Commander Pro, FileZilla, etc. The goal is pretty straightforward: the gang behind this wants to gather as many contacts as possible in order to build a victim network that will probably be used in future malicious and spam campaigns. The collected FTP accounts will be used for hosting malware at the victim's expense.

Summer has been inspirational for crooks, as a variety of approaches have been used to lure people into giving away sensitive data or money. As a common denominator, we’ve seen that users were mostly tricked into willingly disclosing information or transferring money, rather than being subjected to a silent malware attack. Social engineering plays a significant role in the malware landscape today: fake e-commerce sites, spoofed e-banking webpages and fake Apple stores in China are just a few examples of virtual hotspots that can ruin your summer holiday or leave you with no money in your account.

This article is based on the technical information provided courtesy of Răzvan Benchea, Bitdefender Virus Analyst.

All names and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.