An email claiming to be from an anti-spyware company is being used to spread a new Trojan-downloader, according to on-demand security services company, BlackSpider Technologies.
The email is a classic example of social engineering. It is purportedly from the customer service department of a legitimate anti-spyware company confirming subscription to one of its products and the deduction of Ј90.39 from the recipient’s credit card account. The email claims that the attachment contains the detailed invoice – when the attachment is opened, however, Trojan-Downloader.Win32.Banload.apl is downloaded. The Trojan can then be used to download new malware on to the PC.
The virus enjoyed a window of exposure of three hours: the email was first seen by BlackSpider at 8.45am today (19 May) and 50,000 of the virus-laden emails were sent to UK businesses before it was finally patched at 11.45am.
James Kay, CTO, BlackSpider Technologies, comments: “It’s a great piece of social engineering that shows how sharp virus writers are. They’re using the growing awareness of the threats of spyware to download a Trojan, which may later be used to download spyware. The actual email also looks very professional – it’s well written and the grammar is sound; and it claims to have already debited cash from the recipient’s account. It’s got all the key ingredients needed to dupe someone.”