
7/26/2011

[Warning] Malicious e-mails disguised as credit card suspension notices are spreading

1. Introduction

Malicious e-mails disguised as credit card suspension notices are prevalent these days, so users who hold credit cards, especially overseas ones, need to pay special attention to them.
Although these malicious e-mails are written overseas, they are being delivered to e-mail accounts in Korea.


Because the message is disguised as a "credit card suspension information mail", an ordinary credit card holder may read it, then download and execute the attachment without suspicion.

2. Spreading path and symptoms of infection

This kind of malicious e-mail can reach users over the Internet when personal e-mail account information has been leaked. In addition, the malicious file attached to the e-mail can also be downloaded through other channels, including SNS and instant messengers.
The following figure shows one of these e-mails.

  
* Similar malicious e-mails 



* Mail body

Subject: Your credit card has been blocked

Dear User,

ATTENTION : Your credit card is blocked!
With your credit card was removed $ 586,96
Possibly illegal operation!
More info in the attached file.
Immediately contact your bank.
Best wishes, VISA CUSTOMER SERVICES.

Attachments: sample.exe

Subject: MASTER CARD TEAM 03

Dear Consumer,
Your credit card is blocked!
Your credit card was withdrawn $ 5107,94
Possibly illegal operation!
More information in the attached file.
Instantly contact your bank.
Best Wishes, MASTER CARD Team.

Attachments: fedex78123.exe

The mail leads the user to download the attachment in order to get more details about the credit card suspension.

These malicious e-mails may carry the following files as attachments.



The file names of these attachments may vary. The files attached to these malicious e-mails are usually fake anti-virus installation files. Detailed analysis is in progress.
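Because the attachment names vary, a mail filter should key on what the attachment is rather than what it is called. The following is an added example, not code from INCA Internet: it parses a message with Python's standard `email` module and reports the lure phrases quoted in the sample mails above together with any attachment that is a Windows executable by extension or by its `MZ` header, which goes slightly beyond the `.exe` names shown on this page. The extension list, function names and sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Lure phrases taken from the two sample mails quoted in this advisory.
LURE_PHRASES = ("credit card has been blocked", "credit card is blocked",
                "possibly illegal operation")
# Extensions Windows runs directly (assumed list; extend to local policy).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")


def is_pe(payload: bytes) -> bool:
    """True if the bytes start with the DOS/PE 'MZ' magic, whatever the name."""
    return payload[:2] == b"MZ"


def assess(raw: bytes) -> dict:
    """Report which indicators of the card-suspension lure a message shows."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (str(msg["Subject"] or "") + "\n" +
            (body.get_content() if body else "")).lower()
    lure = [p for p in LURE_PHRASES if p in text]
    executables = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Flag by name OR by content, since the file name is attacker-chosen.
        if name.endswith(EXEC_EXTS) or is_pe(data):
            executables.append(name or "<unnamed>")
    return {"lure": lure, "executables": executables,
            "matches_campaign": bool(lure and executables)}


def build_sample(filename: str, payload: bytes, subject: str, text: str) -> bytes:
    """Build a constructed test message; the payload is harmless filler."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content(text)
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```
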

3. How to prevent

Because these malicious files are spread using social engineering, general users can hardly notice that something has happened on their PC.
To use a PC safely against the security threats posed by these malicious files, we recommend the following "Security management tips" for general users.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and keep real-time detection enabled.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links received through instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as those described above, and runs a 24-hour response system against various security threats.

Diagnosis name

- Trojan/W32.Agent.81408.MM
- Trojan/W32.Agent.79872.KV
- Trojan/W32.Agent.67584.OP
