SophosLabs blog

Yes folks, those bank phishers have not given up and are constantly finding new ways to steal your banking details.

SophosLabs analysts received yet another sample (detected as Troj/Qhosts-AT)
manifesting itself as a Hallmark e-card attachment. True, this sort of ruse does get old pretty quickly as can be seen from other previous ecard campaigns but it still appears to be catching some people unawares.

When the sample is run, it cleverly tries to open the real legitimate Hallmark webpage to obfuscate its intentions. But this Trojan has a new trick up its sleeve - it nefariously enters a few additional entries to your HOSTS file and promptly terminates.

What’s a couple of new entries, you say?

A lot. If they happen to be banking websites.

These entries specifically target online banking websites like the Abbey Bank and its subsidiary division, Cahoot from the United Kingdom and the Commonwealth Bank in Australia. So if a user attempts to access any of these banking websites, he or she will instead be redirected to a fake banking website (see attached image below) where the phishers lie waiting, hoping to harvest your confidential banking details.

It is thus always wise to practise good computer security habits. When someone sends you an ecard with an attachment, it always pays to be skeptical especially when it is from someone you do not know.

Because all it takes is an innocent click and you can pretty much guarantee that it is not Lewis Hamilton that is taking you for a ride the next time you do your online banking.

Posted on June 5th, 2009 by CheeHui, SophosLabs AU
Filed under: General

                                         

Windows 7 security - A great leap forward or business as usual?

Related posts

• Phishing dilemma
• All your Bank are belong to us
• Driveby installer targets Australian bank customers
• SMS message saying bank details on the internet are malicious
• When a bank site hosts a phish