
PandaLabs has issued a public warning that it has detected two malicious spam campaigns designed to harvest identity data. The massive attacks center on simulated credit card payment chargebacks and on purchase confirmation notices. The spammed emails are in fact vehicles for spreading the Downloader.KCC and Downloader.KBR Trojan horses. The social engineering schemes rely on finance-related lures to get victims to follow the malicious instructions contained in the messages.
"This is proving to be a quite effective form of social engineering. Instead of using other kinds of baits, the creator of these messages tries to alarm users by referring to purchases they have not made, or problems with the charges to their credit cards. Alarmed by the prospect of problems with their finances, the user reads through the email and opens the attached files, unaware of the consequences," explains Luis Corrons, director of PandaLabs.
In this case, the unsolicited emails direct potential victims to the attached files. Once the attached files, paycheck_322082.zip and WC9921564.exe, are opened, Downloader.KCC and Downloader.KBR compromise the machine and download additional pieces of malware, among them the Trojan Spyforms.A. The latter is designed to retrieve sensitive data from the infected computer.
"With the information obtained by Spyforms.A, a malicious user could commit identity theft and, for example, carry out all sorts of actions online passing themselves off as any of the affected users. For example, an attacker could commit financial fraud so that, in case of being prosecuted, authorities would focus on the user whose personal data has been used, whereas the real criminal will remain anonymous," concluded Corrons.