VIRUS ALERTS

TROJ_BANLOAD

Original issue date: July 24, 2007

It has been observed that a Trojan named TROJ_BANLOAD is circulating in the wild via spam email messages or is dropped by other malware. It exploits the Brazilian plane crash tragedy to compromise systems and steal information for monetary gain.

The Trojan arrives in spammed email messages that contain
news about the Brazilian tragedy and a link to a video. When a
user clicks the provided link, it directs to a malicious website
to download and execute the Trojan.

Upon execution, the Trojan:

  • Tries to connect to a malicious website to download another malware file, setup.exe, and saves the file as WINSW.EXE in the system root folder C:\. This second malware is spyware that steals personal and financial information from the affected system. The spyware then connects to an FTP site, where it uploads stolen information such as email addresses.
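One way to hunt for the behaviour described above in endpoint telemetry, as an added example that is not part of the original advisory: it flags creation of WINSW.EXE in a drive root and any later FTP connection made by that file on the same host. The pipe-delimited log format, event names, host names and sample lines are constructed for illustration, and matching any drive letter (not only C:) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample events in a hypothetical pipe-delimited format:
# time|host|event|process image|target
SAMPLE_LOG = r"""
2007-07-24T10:01:02|PC-01|FILE_CREATE|C:\Temp\setup.exe|C:\WINSW.EXE
2007-07-24T10:01:40|PC-01|NET_CONNECT|C:\WINSW.EXE|203.0.113.7:21
2007-07-24T10:02:00|PC-02|FILE_CREATE|C:\Windows\explorer.exe|C:\Users\b\notes.txt
2007-07-24T10:03:00|PC-02|NET_CONNECT|C:\Program Files\FtpTool\ftp.exe|198.51.100.9:21
2007-07-24T10:05:00|PC-03|FILE_CREATE|C:\Temp\setup.exe|c:\winsw.exe
"""

# File name from the advisory, located directly in a drive root.
DROP_NAME = re.compile(r"^[a-z]:\\winsw\.exe$", re.IGNORECASE)
FTP_PORT = "21"
FIELDS = ("time", "host", "event", "image", "target")


def parse(log):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in log.strip().splitlines():
        parts = line.split("|")
        if len(parts) == len(FIELDS):
            yield dict(zip(FIELDS, parts))


def detect(log):
    """Return (host, finding, time) tuples in log order."""
    dropped = defaultdict(set)  # host -> lower-cased paths of dropped files
    findings = []
    for ev in parse(log):
        if ev["event"] == "FILE_CREATE" and DROP_NAME.match(ev["target"]):
            dropped[ev["host"]].add(ev["target"].lower())
            findings.append((ev["host"], "dropped_file", ev["time"]))
        elif ev["event"] == "NET_CONNECT":
            port = ev["target"].rsplit(":", 1)[-1]
            # Only FTP traffic from the dropped file is flagged, so an
            # ordinary FTP client on another host does not raise a finding.
            if port == FTP_PORT and ev["image"].lower() in dropped[ev["host"]]:
                findings.append((ev["host"], "ftp_from_dropped_file", ev["time"]))
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(*finding)
```

A host with both findings has likely reached the upload stage; a host with only `dropped_file` still warrants isolation and a scan.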

Users are advised to implement the following countermeasures:

  • Keep up-to-date patches and fixes on the operating
    system and application software.
  • Keep up-to-date Antivirus and Antispyware signatures.
  • Do not visit untrusted websites.
  • Do not follow links embedded in unsolicited emails.

References

http://blog.trendmicro.com/brazilian-plane-crashes2c-new-malware-rises/

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BANLOAD.CGL

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003