Security Response

The application's digital signature cannot be verified. Do you want to run the application?

By: Rodrigo Calvo, CISSP
      Sebastian Brenner, CISSP

Infostealer.Bancos is a detection name used by Symantec to identify particular malicious software programs that gather confidential financial information from compromised computers. It first appeared in the summer of 2003 and targeted mainly Brazilian banks. Initially, these Trojans targeted one particular financial institution per variant. However, this method was not always successful. Therefore, in order to increase the success rate, the malware authors began targeting multiple financial institutions per variant. As such, Infostealer.Bancos branched out to include other Latin American banks.

The Old Trick: Social Engineering

Recently, we have received alerts from customers in Latin America regarding email messages containing suspicious...

The five-time Grammy award winner Amy Winehouse was found dead in London on July 23rd. Symantec has already observed spammers who are trying to capitalize on related news headlines by sending out malicious threats less than a day after the news was released.

The two samples given below are examples that we have observed. These Portuguese-language attacks use similar spam techniques. All samples are sent from randomized individual email accounts with various subject lines related to the celebrity’s death in an attempt to lure interested readers to open a malicious URL. Immediately after the link is clicked, a pop-up window is shown, which asks users to download a file that is loosely disguised as an image or video file, for example (anything other than an executable).

The file is given a name that is related to the celebrity, and of course isn’t an image or video file, but a malicious binary. Symantec has detected the threats in these samples as...

Symantec’s telemetry has shown over 12 million Intrusion Prevention Signature (IPS) hits on sub domains of the ‘CO.CC’ domain in the last six months. Anyone somewhat familiar with the top-level domain-naming hierarchy might be lead to believe that CO.CC is actually an official second-level domain similar to CO.UK; this, however, is not the case. .CC is the Internet country code top-level domain (ccTLD) for Cocos (Keeling) Islands...

Banking Trojans are nothing new. They have been around for many years, considering detections such as the Infostealer.Bancos family date back to 2003. As more and more people moved to perform banking transactions online, Bancos created a huge and lucrative target for would be criminals to exploit.

Traditionally, banking Trojans typically just captured data traffic exchanged between the user and the online banking website. The captured information included the authentication information, which is collected and sent to the attacker by the Trojan for their use or to sell on to other parties for a profit. For as long as there has been banking Trojans, there has been a cat and mouse game between the banks and the criminals as each side respond to each other’s move to thwart the actions of the other. More sophisticated banking Trojans employ a man-in-the-browser (MITB) method...