解析者: Fjordan Allego

HSBC customers, and online banking users in general, are targets of phishing and online banking scams always. The spammed message we have seen targeting HSBC users poses as a reply to a supposedly earlier mail request from the recipient. The payment advice that is being referred to in the mail is an attachment, which Trend Micro detects as TROJ_UPATRE.YYSK.

Extracting the attachment leads the unsuspecting user to a file named CashPro, which looks like a PDF file. However, upon further checking, the attachment is actually the UPATRE malware. UPATRE is known to gather computer information. It is also known to download/be distributed with information theft malware such as ZBOT and DYRE.

Trend Micro products effectively blocks this malicious spam and its attachment.

 スパムブロック日時 : 2015年2月6日 8:00:00 GMT-8
 TMASE
  • TMASEエンジン:7.5
  • TMASEパターンバージョン:1308

関連マルウェア