MSN Messenger Spoof / Bancos.ju


Threat Type: Trojan Keylogger / Malicious Website

Websense® Security Labs™ has received reports of a spoofed email message that attempts to redirect users to a malicious website in order to run a Trojan horse that steals banking passwords. The user receives a message spoofed to appear to come from Microsoft. The email, which is written in Portuguese, offers a new version of the Microsoft Instant Messenger program. Upon clicking the link, the user is redirected to a malicious website that hosts a password-stealing keylogger. When predetermined banking websites are accessed, the keylogger (bancos.ju) logs keystrokes and sends them to a third party.


The website is hosted in the United States and was up and running at the time of this alert.


Email screenshot: