A False Virtual Postcard Tries To Infect Computers Using The Same Bait As The LoveLetter Worm

Published 26th September 2006

PandaLabs has detected false virtual postcard messages that aim to infect computers with Dadobra.ND (a downloader Trojan) and Banbra.CLQ (a banking Trojan). The cyber-criminal who sent these messages has tried to imitate what is probably one of the most infamous computer worms in history: LoveLetter. As with that worm, the subject of the email message carrying the virtual postcard is “Te Amo” (I love you).

In addition, the message tries to trick users by spoofing the appearance of a well-known, perfectly legitimate virtual postcard service, so that users do not suspect an attack. The postcard received is a perfect copy of those sent by this service, down to the last detail. However, the link to view it has been modified, so that when the user clicks on it, a malicious file that claims to contain the greeting is downloaded.

If this file is run, Dadobra.ND, a downloader Trojan, is downloaded to the computer. Its objective is to download the Banbra.CLQ Trojan, which is designed to steal confidential data from certain Brazilian online bank services.

What’s more, the email has an uncommon characteristic: not content with trying to obtain money through scams with stolen bank details, the author also confirms that the email address to which the message is sent is fully operational. To do this, the downloaded file has been hosted on the servers of another completely legitimate Internet service, which allows users to send files to several recipients at the same time. This service allows the files sent to be tracked, so when the user downloads the file, the validity of the email address is confirmed. This will allow the cyber-criminal to carry out future attacks more accurately.

“Cyber-criminals are immersed in an authentic race against the clock to find more effective attack methods and techniques that allow them to easily obtain money. In this case, it is a hybrid between a phishing message and a typical infected email message. The worrying thing is that it is a new social engineering method and it won’t be long before other cyber-criminals take advantage of it,” says Luis Corrons, director of PandaLabs.

Panda Software recommends using security solutions that incorporate proactive technologies, capable of detecting malware without needing updates. This avoids the limitations of traditional antivirus programs, which only detect and block previously identified threats. For more information about how proactive technologies work, visit http://www.pandasoftware.com/truprevent

To help as many users as possible scan and disinfect their systems, Panda Software offers its free online anti-malware solution, Panda ActiveScan, which now also detects spyware, at http://www.activescan.com. Webmasters who would like to include ActiveScan on their websites can get the HTML code free from http://www.pandasoftware.com/partners/webmasters/.