We received reports from some Segu-Info readers about a new campaign of malicious phishing emails. We have already reported on others from the same bank.
We would say that the target of attack of the criminals are clients of Banco do Brasil, but the reality is that anyone who receives the mail and deceived, or out of mere curiosity, clicks on the link could be infected with a banking Trojan.
Fake email with malicious link
The link in this fake email http://www.i[DELETED]es.be/graphics corresponds to an abused site. That link redirects, as seen below, to another site http://t[DELETED]ds.com/photo/blxg/[bb.com.br].exe from which the Trojan is downloaded, the [bb.com.br].exe file.
Some characteristics of the attack, which manages quite successfully to overcome several of the best anti-spam filters is that: a) very few emails are sent, b) the source IP of the mail does not have a bad reputation, and c) that the link included is from a reputable site that due to security flaws they have managed to abuse to use it.
From Segu-Info we have reported the case to Phishtank and also to Spamcop.
And a reminder to the most novice in these matters: banks never send emails of this type.
Raúl de la Redacción de Segu-Info
Leave your comment