An attack in many disguises

Week by week, cybercriminals dress one of their infamous creations in a different costume, VirusBuster's experts report. The malware Trojan.FraudLoad has been distributed in e-mail messages pretending to have come from DHL, Facebook, Microsoft, and then, most recently, the user's own internet provider.

"The latest scam is more dangerous than the previous ones, because the messages carrying the malicious load are customized", warns Gábor Szappanos, the head of VirusBuster's virus lab. "According to the text, the settings of one of the user's mailboxes have been changed, and the new parameters can be found in the attached .zip file. The disguise looks quite authentic, since the message contains the domain name of the user's e-mail address, e.g. the copies trapped by VirusBuster referred to addresses ending in virusbuster.hu."

In reality, the attached .zip file contains the malware called Trojan.FraudLoad, a malicious program belonging to the class of trojan downloaders. Trojans are programs, which pretend to serve users, but in fact they are designed to cheat them. Once installed, a downloader will download other malware on the victim's machine.

Therefore, the Hungary-based specialist of computer security advises users not to open the attachment of such messages. "As always, we strongly recommend users to keep their antivirus program up-to-date, and install security patches as soon as they are released by software vendors", adds Gábor Szappanos.