Hi, If you receive an EMail claiming to show an "online statement" from VISA, beware - you'll be walking into a trap of the "horrible infection file" variety.
A website (with a .co.uk domain but hosted in India) is playing host to the following fake setup, asking you to download an "electronic report" of your card transactions in relation to fraudulent transactions: <http://www.flickr.com/photos/paperghost/4175381704/> Zbot Visa EXE originally uploaded by Paper Ghost Of course, the "statement" is in the form of an executable related to our old friend Zbot, which has been spammed out in every form of scam possible, from fake Windows and Outlook updates to phish attacks and server updates. Should you download and run it, your PC will immediately start making calls to the following domain: [image: zbvisa2.jpg] That particular URL has been linked to Zeus Botnet C&C and other dubious practices - currently, it appears to be offline. The infected PC will have a file called SDRA64.exe running in the System32 Folder, which is a rather nasty little thing <http://www.threatexpert.com/files/sdra64.exe.html>associated with everything from Banking Data theft to keylogging and IRC. The good news is, that particular file has been around for a while so detection levels across the board should be pretty good at this point (I'd double check with Virustotal, but I'm not alone in having some issues with that site at present). Never, ever download an executable file mentioned in an EMail claiming to be from your bank - you'll end up in a world of hurt. We detect the file as CardStatement.exe A huge thank you to Senior Threat Researcher Peter Jayaraj for his late night assistance with this one! -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
