Websense Securitylabs™ has received reports of a Trojan related to an email that has been distributed, claiming that the Australian Prime Minister had suffered a heart attack.

The Trojan consists of several different components. It monitors all access to web pages from the infected machine and keeps track of them, keylogging everything the user does. It also contains a special module that it uses for phishing. At the time of this alert there were more than 2500 infected victims. The affected banks are:

Westpac (Australia)
Kasikorn Bank (Thailand)
Banco de Valencia (Spain)
Commonwealth Bank (Australia)
BBVA (Spain)
Caja Madrid (Spain)
Bank of America (USA)
Unicaja (Spain)
Wells Fargo (USA)
Sparkasse (Germany)
Deutsche Bank (Germany)
Gad (Germany)
Commerz Bank (Germany)
Post Bank (Germany)

In addition, it installs a web server on the affected machine, which allows the attacker to access that machine every time it is online. To achieve that, the attacker has a control panel with a full list of all the infected machines, including IP address, country, the ports that can be used to access the machine using different protocols, and even a link to Google Maps that will point out exactly where that IP is located.

We thank AusCERT for providing the sample.

[Screenshot: Google Maps Infection Locator]

[Screenshot: Attackers Statistics Page]

 

