SophosLabs blog

SophosLabs has received a disturbing report from a UK Local Government customer which we feel need a wider audience.

People are receiving SMS messages saying that their bank details are on the internet. These text messages are 100% malicious in nature and users should not follow the links.

The report from the local government states:

The user received an SMS message to say that his bank account details had been posted on the Internet and gave him a URL to go to. He attempted to access the site using a library PC but failed and queried the librarian about the security on the PC who raised a support call with us.

and

The obfuscated script inserts an iframe which attempts to download malware which Sophos blocks.

I haven’t seen details of a scam like this before and have looked for a site on which to report it without success. I’m assuming you’ll know what to do with it.

So, what are we at SophosLabs doing about it?

• Making the general public aware of this malicious attack
• Adding detection and blocking for the malicious website
• Making samples available for security professionals via the usual channels

SophosLabs will be publishing detection for the malicious website as Troj/Iframe-BS and the malware that Sophos already blocked was detected as Troj/PDFJs-B.

Posted on March 25th, 2009 by Pob, SophosLabs, UK
Filed under: Malware, Mobile, Web

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Winds of change
• Famous chip shop website battered by malicious Iframe injection
• The Truth is that legitimate websites are serving malicious content
• Death of the internet?
• When a bank site hosts a phish