Hijacks online banking sessions on infected computers

Jun 11, 2009 12:15 GMT

Security researchers from antivirus vendor Bitdefender warn of a new malware-distribution campaign that attempts to pass off a computer trojan as open source antivirus software. Once installed on the computer, the malware redirects browser requests for PayPal, Abbey and Halifax to phishing pages.

E-banking customers should avoid e-mails offering free downloads of an alleged open source antivirus program called Virus Doctor. "This Software has being Review and Accepted as Open Source Software with the Aid to provide full Support for all your online Security," the poorly written e-mail messages read.

Clicking the included link to download a file named setup.exe is not a good idea, as it actually serves a trojan installer in the form of a self-extracting archive. "Its purpose is to replace the content of C:\WINDOWS\System32\drivers\etc and to alter the Web browser's behavior, by automatically loading maliciously crafted pages for phishing purposes of PayPal, Abbey and Halifax," the Bitdefender researchers explain.

When a user attempts to access the websites of these institutions from a computer infected with this malware, the browsing session is hijacked and the user is redirected to domains registered in China and Korea. The fake pages ask users to enter sensitive financial and personal details such as full name, address and credit card number, along with the card's expiration date, CVV2 code and PIN.
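The directory named in the Bitdefender quote is where Windows keeps its hosts file, so one way to spot this kind of hijack is to check that file for banking domains pinned to addresses other than loopback. The following is an added example, not code from Bitdefender or Softpedia; the watched domain list and the sample hosts content are constructed for illustration.

```python
import ipaddress

# Banking domains named in the article; the exact hostnames are our assumption
WATCHED_DOMAINS = {"paypal.com", "abbey.com", "halifax.co.uk"}


def _is_benign_target(ip_text):
    """Loopback or unspecified addresses are the normal targets in a clean hosts file."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # not even an IP address: treat as suspicious
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank, comment-only or malformed line
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower().rstrip(".")))
    return entries


def find_hijacked_entries(text, watched=WATCHED_DOMAINS):
    """Return hosts entries that map a watched domain (or a subdomain) to a non-loopback address."""
    hits = []
    for ip, name in parse_hosts(text):
        on_watchlist = any(name == d or name.endswith("." + d) for d in watched)
        if on_watchlist and not _is_benign_target(ip):
            hits.append((ip, name))
    return hits


# Constructed sample: the last two lines imitate the tampering the article describes
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # ad-blocking entry, benign
203.0.113.45    www.paypal.com paypal.com
198.51.100.7    www.halifax.co.uk
"""

if __name__ == "__main__":
    for ip, name in find_hijacked_entries(SAMPLE_HOSTS):
        print(f"ALERT: {name} is pinned to {ip}")
```

On a live system the same check would read C:\WINDOWS\System32\drivers\etc\hosts instead of the embedded sample.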

If submitted, all the information is stored on servers under the control of the cybercriminals behind this scheme. One interesting aspect of the fake websites is that all the links in the menus point to the legitimate pages on the original PayPal, Abbey or Halifax websites.

Another computer trojan that attempts to steal financial information by changing the normal browser behavior is Torpig. Launched in 2006, the Torpig trojan is said to have compromised some half a million banking details to date. This trojan watches for a list of e-banking websites and, if any of them is opened in the browser, it injects a rogue form asking users for sensitive information.

Given the success of Torpig, which, some could argue, employs less deceptive social engineering techniques than this latest threat, users should exercise extra caution. Use trusted sources, such as Softpedia, to download software instead of trusting links spammed through e-mails.