Last week I was talking about how certain cybercriminals used social engineering techniques in order to spread their creations, and today I can show you yet another good example of this, showing how fast these guys react on any news to take advantage of the buzz. In this case they are using the recent death of the singer Amy Winehouse. The body was found last Saturday, and the very same day the most detected malware URL was this one:
http://removed/103684policia-inglesa-divulga-fotos-do-corpo-da-cantora-amy-winehouse-WVA.exe
The name of the file (in Brazilian Portuguese) says “English Police shows pictures of Amy Winehouse body”. The next day the very same URL was again the top detected one, which shows us how effective these techniques are. In fact this is not the first time the death of a famous person has been used to propagate malware; for example, when Michael Jackson died we could see the same kind of attacks.
This Trojan is just another banking Trojan targeting Brazilian banks. Once executed it copies itself as “googlepad.exe” and modifies the HOSTS file, so when the users try to visit some of the targeted websites he will be redirected to a fake one, where their credentials will be stolen. It does not only target financial companies, but also Hotmail users.
The Trojan is detected as Trj/Banbra.GBW.