PandaLabs has detected fake virtual postcard messages that aim to infect computers with Dadobra.ND (a downloader Trojan) and Banbra.CLQ (a banking Trojan).
The cyber-criminal who sent these messages has tried to imitate what is probably one of the most infamous computer worms in history: Loveletter. As with that worm, the subject of the email message carrying the virtual postcard is: “Te Amo” (I love you).
In addition, the message tries to trick users by imitating the look of a well-known, perfectly legitimate virtual postcard service, so that users do not suspect an attack. The postcard received is a perfect copy of those sent by this service, down to the last detail. However, the link to view it has been modified so that, when the user clicks on it, a malicious file that claims to contain the greeting is downloaded.
If this file is run, the downloader Trojan Dadobra.ND is downloaded to the computer. Its objective is to download the Banbra.CLQ Trojan, which is designed to steal confidential data from certain Brazilian online bank services.
What’s more, the email has an uncommon characteristic: not content with trying to obtain money through scams with stolen bank details, the author also makes sure that the email address to which the message is sent is fully operational. To do this, the downloaded file has been hosted on the servers of another completely legitimate Internet service, which allows users to send files to several recipients at the same time. This service allows the files sent to be tracked, so when the user downloads the file, the validity of the email address is confirmed. This will allow the cyber-criminal to carry out future attacks more accurately.
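A defender-side check for the modified link and the third-party file hosting described above, as an added example (not PandaLabs code): it flags links in an HTML message that lead away from the site the message claims to come from, without fetching anything, since a tracked download would itself confirm the address. The sample message, every host name and the token are constructed, and treating the From domain plus the image hosts as the claimed identity is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every host and the token are placeholders.
SAMPLE = """\
From: Postcards <cards@postcards.example>
Subject: Te Amo
Content-Type: text/html; charset="utf-8"

<html><body><img src="http://www.postcards.example/img/logo.gif">
<a href="http://files.transfer.example/get?id=CONSTRUCTED-TOKEN">View your postcard</a>
<a href="http://www.postcards.example/help">Help</a></body></html>
"""

class Refs(HTMLParser):
    """Collect image sources and anchor targets from an HTML body."""
    def __init__(self):
        super().__init__()
        self.images, self.links = [], []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "img" and attrs.get("src"):
            self.images.append(attrs["src"])
        elif tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])

def site(url_or_host):
    """Last two host labels; a real filter would use the Public Suffix List."""
    host = urlparse(url_or_host).hostname or url_or_host
    return ".".join(host.lower().split(".")[-2:])

def suspicious_links(raw_message):
    """Return http(s) links that leave the site the message claims to be from."""
    msg = message_from_string(raw_message)
    refs = Refs()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            refs.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    # Assumption: a cloned template still loads the real service's images,
    # so the claimed identity is the From domain plus the image hosts.
    claimed = {site(u) for u in refs.images}
    claimed.add(site(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]))
    return [u for u in refs.links
            if urlparse(u).scheme in ("http", "https") and site(u) not in claimed]

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```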