Wednesday, June 2, 2010

“Tequila Botnet” Targets Mexican Users

Senior Threat Researcher Ranieri Romera writes on the Trend Micro blog about a botnet that is targeting Mexican users, particularly PayPal's local site and Bancomer, the biggest bank in Mexico. The client program of the Tequila botnet can arrive on a user's computer in several ways.

First, it takes advantage of the news about a missing four-year-old girl, Paulette Gebara Farah. Users who are following that news may fall prey to this attack by visiting the page http://www.knijo.{BLOCKED}0.net/fotografias-al-desnudo-de-la-mama-de-paulette.htm which contains an article about Paulette and claims to show nude photos of her mother. When a user arrives at the page, a fake dialog is shown that tries to make the user install "Adobe Flash Player". If the user clicks "run", this leads to the download of the file video-de-la-mama-de-paulette.exe, which is actually the client of a bot detected as TSPY_MEXBANK.A by Trend Micro.

Besides spreading via malicious webpages, the Tequila botnet may also spread via USB devices and MSN Messenger. It sends messages that either contain the file itself (as an attachment of sorts) or links that go to copies of the malware.

The whole blog post, with a more detailed description of the Tequila botnet, can be read here.
