More Portuguese banking malware spam

Remember the spoof Symantec application spammed out to Portuguese users that we blogged about yesterday? Well, today I have noticed the same attack continuing, though the attackers have changed the social engineering in the spam message. It now targets Portuguese UOL Cartoes users.

The link the victims are enticed to click on points to the same compromised domain as yesterday, but to a different file this time.

www.[legit-domain].cz/[Uol_email-Imagem].exe

Once again, this is a downloader Trojan, and again it is proactively detected as Mal/DelpDldr-C. Though not identical, it is similar to the downloader we saw yesterday. In addition to the files we observed with yesterday’s Trojan, it downloads one more: ashset.exe. Happily, this is proactively detected as Mal/Behav-103.