Latest Trojan 'Phishes' For Personal Data

Mmdload-A was distributed apparently through a mass mailing in an attempt to trick people into downloading the recently discovered Mimail-N worm, Sophos said.

The trojan is the latest designed to gather PC users' personal financial data, so that "the bad guys can completely drain their bank accounts," Chris Belthoff, senior security analyst at the Lynnfield, Mass.-based company, said.

Mmdload arrives as a zipped attachment in an email that carries the same subject line and text as the Mimail worm. The message offers recipients the chance of winning cash, which will be deposited directly in their bank accounts, if they fill out the attached form.

Clicking on the attachment launches a program named PAYPAL.exe that contacts a Russian web site, www.aquarium-fish.ru, to download the Mimail worm. The site is the same used by Mimail to send completed forms disguised as coming from PayPal, an online payment service.


Besides displaying the forms asking for financial information, the worm also sends copies of the trojan and its attachment to email addresses it steals from the infected PC.

To defend against Mmdload and other malicious code, Sophos recommends companies consider blocking all programs at the email gateway. For most businesses, it's rare for employees to receive a legitimate program from the outside via email.

To catch the latest trojan, however, the gateways would also have to scan incoming zip files for executables.

"Companies using applications that only scan for executables based on extensions won't catch this because it's in a zip file," Belthoff said. "But if you can scan inside a zip file, which more and more people are doing, you should be able to stop this right at the gateway."
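To make the gateway point concrete, here is an added example (not code from the article, Sophos, or TechWeb) of the two approaches Belthoff contrasts: a name-only check that sees just "form.zip" and passes it, versus an inspection that opens the archive and flags members that are Windows executables either by extension or by their MZ/PE header, so a renamed executable is caught as well. The sample attachment, the member names (PAYPAL.exe, form.txt, README.txt) and the inert PE stub are constructed here for illustration; the original lure's real contents are not reproduced.

```python
"""Gateway-style inspection of a zipped email attachment for executables.

Added example, not from the article or Sophos. The archive and the inert
PE-header stub below are constructed in memory so the script runs offline.
"""
import io
import os
import zipfile
from typing import List

EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".dll"}
MAX_DEPTH = 3                      # nested archives inspected this deep, then refused
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not inflate oversized members (zip-bomb guard)


def scan_attachment_name_only(attachment_name: str) -> bool:
    """The weak check: blocks only if the attachment's own name has an executable extension.
    A zip wrapper ('form.zip') passes, which is exactly the gap the article describes."""
    return os.path.splitext(attachment_name)[1].lower() in EXEC_EXTENSIONS


def looks_like_pe(data: bytes) -> bool:
    """True if data starts with an MZ DOS header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_offset = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_offset:pe_offset + 4] == b"PE\x00\x00"


def inspect_zip(blob: bytes, depth: int = 0, prefix: str = "") -> List[str]:
    """Open the archive and return one finding string per suspicious member,
    e.g. 'PAYPAL.exe: executable extension .exe'. Nested zips are recursed into."""
    if depth > MAX_DEPTH:
        return [f"{prefix}: nested archive deeper than {MAX_DEPTH} levels"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [f"{prefix or '<attachment>'}: not a valid zip archive"]
    findings: List[str] = []
    with zf:
        for info in zf.infolist():
            name = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:   # declared size; refuse rather than inflate
                findings.append(f"{name}: member too large to scan")
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXEC_EXTENSIONS:
                findings.append(f"{name}: executable extension {ext}")
            data = zf.read(info)
            if looks_like_pe(data):                 # catches executables renamed to .txt etc.
                findings.append(f"{name}: PE header (MZ/PE signature)")
            if ext == ".zip" or data[:4] == b"PK\x03\x04":
                findings.extend(inspect_zip(data, depth + 1, name + "/"))
    return findings


def build_sample_attachment() -> bytes:
    """Construct a zip shaped like the lure in the article: an inert PE-header stub
    named PAYPAL.exe, the same stub renamed to look like a text file, and a benign note."""
    stub = bytearray(0x100)                 # zeros everywhere except the two signatures
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x80).to_bytes(4, "little")
    stub[0x80:0x84] = b"PE\x00\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PAYPAL.exe", bytes(stub))
        zf.writestr("form.txt", bytes(stub))   # same bytes, benign extension
        zf.writestr("README.txt", "Fill out the attached form to claim your prize.")
    return buf.getvalue()


def wrap_in_zip(inner: bytes, inner_name: str) -> bytes:
    """Put an archive inside another archive, to show the recursion works."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner)
    return buf.getvalue()


if __name__ == "__main__":
    attachment = build_sample_attachment()
    print("name-only check blocks form.zip:", scan_attachment_name_only("form.zip"))
    for finding in inspect_zip(wrap_in_zip(attachment, "form.zip")):
        print("gateway finding:", finding)
```

The name-only check returns False for "form.zip", while the content inspection reports the .exe member, the PE header on both copies of the stub, and nothing for README.txt. Checking the MZ/PE header rather than trusting the member name is what closes the renaming gap; the size and depth limits keep the scanner itself from being tied up by a hostile archive.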

Nevertheless, educating the PC user remains crucial to avoiding infection.

"End users need to be educated not to respond to these messages," Belthoff said.


This story courtesy of TechWeb.