Cybercriminals taking advantage of the Japanese earthquake

Mar 17

Yesterday we saw a message that promised to show you a video about the disaster after the earthquake and the tsunami. It included a link that pointed to an executable file:

http://<>/consulado/japones/urgente/desespero-da-equipe-de-resgate-ao-encontrar-milhares-de-corpos-816283hDGJDj36378.youtube.com-AVI.exe

This is just a downloader that downloads and installs more malware on your computer. It also downloads a HOSTS file and overwrites the one on your computer, so that the browser is redirected if you visit any of the web sites it lists.

Taking a look at the URLs where the HOSTS file is located, we have found another directory on the same server that contains some highly suspicious folders:

This is what we see if we visit some of these folders:

These are phishing sites to steal your credentials. Don’t worry about this one: we have been blocking the URLs since yesterday, and the malware was proactively detected with TruPrevent.

If you really want to help our Japanese friends, please click here and donate now.
