New Trojan 'Phishing' for bank details
New Trojan 'Phishing' for bank details
A new Trojan that attempts to dupe recipients into disclosing their bank account details is doing the rounds, an anti-virus company has warned.
Sophos has advised users to be on guard against the Mmdload Trojan, which comes in the shape of a zipped attachment in an email which carries exactly the same subject line and text used by the recent Mimail-N worm. The message offers the chance to win a cash prize which will be placed directly into their bank accounts, with the recipients asked to fill out the online form asking for personal financial details to be eligible to win.
Once the attachment is unzipped and its file, PAYPAL.exe, is launched, the Trojan attempts to contact a Russian website, www.aquarium-fish.ru, to download a copy of Mimail-N giving it a new lease of life by enabling it to bypass email gateway protection. This is the same website to which Mimail-N worm attempts to send the completed PayPal online payment service forms.
The practice of bogus emails and websites posing as genuine financial institutions in order to fraudulently obtain customers' personal details is known as phishing. It is a growing problem in cyberspace, with a number of banks – both here in Australia and around the world – having been targeted for such scams.
"This is the latest Trojan 'phishing' for personal financial data," said Carole Theriault, security consultant at Sophos. "The malicious coders know that not everyone who receives the email will be a PayPal customer, but similar to the mindset of spammers, if only a few people fall for the ruse, there is an opportunity to drain bank accounts."
To defend against Mmdload and other programs of its ilk, Sophos recommends that companies consider blocking all programs at the email gateway. It is rarely necessary to allow users to receive programs via email from the outside world. There is so little to lose, and so much to gain simply by blocking all emailed programs, regardless of whether they contain viruses or not.
"Best practice for business should include automatic blocking of all executable code at the email gateway," continued Theriault. "Reputable companies do not send out files in this way, and users should think twice before they click on unsolicited email messages."
Related Article: