[Warning] Malicious file disguised as a VISA card message detected

1. Introduction

The INCA Internet response team detected a malicious file disguised as a VISA card message. E-mails of this kind are usually sent to overseas users. Beyond this case, fake invoice information from global logistics companies, password-change requests for certain web sites (including SNS), e-tickets, and fake image file attachments are widely used for the same purpose. Most of us have a credit card, and VISA is one of the best-known credit card brands, so any of us could become a victim.

In addition, this kind of e-mail can be sent as spam, and an infected PC can become another host that sends the same mail.

[Warning] Malicious e-mails disguising as image file were found.

[Warning] Identified malicious file masqueraded as an e-mail attachment file.

[Caution] Malicious files disguising as sent logistics services companies

2. Spreading path and symptom of infection

This malicious file is spread as an e-mail attachment. The message contains VISA-related content, but its sender name claims to be LinkedIn. For a user who uses both LinkedIn and the VISA card service, the potential risk is higher.

The e-mail is as follows:

From :
LinkedIn Password (password@linkedin.com) -> Fake address

Title :
 Your credit card has been blocked

Body :
 Dear Client,

CAUTION: Your credit card is locked!

Your credit card was withdrawn $ 424,13

Possibly illegal operation!

More info in the attached file.
 Immediately contact your bank .

Best Wishes, VISA Customer Services.

Attachment :

The attachment (VisaCard-N47619822.zip) contains the malicious file "VISA_ID48832743.exe", whose icon looks like an MS Word file.

When the user executes "VISA_ID48832743.exe", the PC is infected: the malicious file creates a copy of itself in [Application Data] and executes it.

It then runs the normal "Explorer.exe" and tries to access certain hosts. Finally, it performs various malicious behaviors as directed by the C&C server.

The following figure shows the access status.
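
The two traits of the e-mail described in this section (a sender brand that does not match the brand in the body, and a ZIP attachment that contains an executable) can be checked at a mail gateway. The following Python sketch is an added example, not code from INCA Internet or nProtect; the function names, the extension list and the substring brand match are assumptions, and the sample message is constructed with a harmless stub in place of the real file.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist, extend as needed
BRANDS = ("linkedin", "visa")  # the two brands named in this advisory

def executable_members(zip_bytes):
    """Names of ZIP members that are executables by extension or by MZ header."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            except RuntimeError:  # encrypted member: contents cannot be inspected
                magic = b""
            if info.filename.lower().endswith(EXEC_EXT) or magic == b"MZ":
                hits.append(info.filename)
    return hits

def inspect_message(raw):
    """Return findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    sender = str(msg["From"]).lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    sender_brands = {b for b in BRANDS if b in sender}  # simple substring match
    body_brands = {b for b in BRANDS if b in text}
    if sender_brands and body_brands and not (sender_brands & body_brands):
        findings.append("brand-mismatch")
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith(".zip"):
            findings += ["exe-in-zip:" + m for m in executable_members(part.get_content())]
    return findings

def build_sample():
    """Constructed message modelled on the e-mail above; the .exe is a harmless stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("VISA_ID48832743.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = "LinkedIn Password <password@linkedin.com>"
    msg.set_content("CAUTION: Your credit card is locked!\nBest Wishes, VISA Customer Services.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="VisaCard-N47619822.zip")
    return msg.as_bytes()
```

Checking the MZ header as well as the extension catches an executable that has been renamed inside the archive; the Word-style icon itself is stored inside the file and is not something a filename check can see.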

3. Summary

Cases of malicious files being installed under the disguise of credit card messages or normal notices from a company are continuously detected, so users need to be careful about these security threats. To use a PC safely despite these malicious attachments, we recommend that you download the latest security updates and follow the "Security management tips" for general users below.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trusted security company, keep its engine updated, and use its real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.

INCA Internet (Security Response Center / Emergency Response Team) runs a response system against various security threats.
nProtect Anti-Virus/Spyware v3.0 detects and treats various variant files.

Free installation link of nProtect AVS : http://avs.nprotect.com/


  1. Thank you very much, guys, for posting this guide! We really appreciate that!

  2. Oh! This article has suggested to me many new ideas. I will embark on doing it. Hope you can continue to contribute your talents in this area. Thank you.