Fake “Account Has Been Blocked” TLO Emails Carry Cridex Malware

The malicious element is designed to steal sensitive information from the victim's PC

By on December 11th, 2012 22:41 GMT

According to security experts from GFI Software, one of last week’s most prevalent spam campaigns leveraged the name of TLO, a company that provides investigative research and risk management solutions.

The bogus notifications, purporting to come from TLO’s Department of Investigation, only inform recipients that their accounts have been blocked. They also contain an email address and a phone number, but they appear to have nothing to do with the legitimate company.

Users who might be curious to see what this is all about and click on the “Details” link are taken to a website that hosts the Cridex worm.

Once it infects a computer, the malware is capable of stealing online banking credentials that users enter into web browsers, downloading and executing files, and even searching for and uploading local files.
