Banco do Brasil: a well-targeted institution
The Banker Trojan… and its deep Brazilian roots. I feel for those Banco do Brasil customers.
The latest file comes from:
www.bancodobrasii.net/Componente_Adicional
or more precisely from 203.143.180.34/webilg/images/componente_seguranca.exe
This is a program that supposedly makes your online banking more secure (or so it says).
The idea is good (especially that Virtual Keyboard) but not if the credentials are sent to the bad guys.
Our analysis tool reveals how many ‘hooks’ the file is creating.
VirusTotal detection:
Jerome Segura
Malware ID: 89c100064db6a78c73a68ca86d4633bc.zip
Chica del mes malware
This time it is Hispanic malware I’m going to talk about.
A Spanish-language porn site loads other pages as ‘pop-unders’.
Warning: offensive language.
The site chicadelmes.com hosts malware,
delivered in the form of another pop-under:
chicadelmes.com/peliculas-porno-gratis.exe
Jerome Segura
Malware ID: ebdfd63d41a64006e8dda6fe4c952632.zip
Defaced Brazilian site pushes Brazilian malware
It’s all very Brazilian
The malware file comes from a PHP page off that site. It’s supposed to be a “PowerPoint presentation” with a name like Antivir.exe… what gives?
Banker Trojan:
Jerome Segura
Malware ID: 037046cd3f98542f23d0a2748fb009ad.zip