MSN Messenger Spoof / Bancos.ju
Threat Type: Trojan Keylogger / Malicious Website
Websense® Security LabsTM has received reports of a spoofed email message that attempts to redirect users to a malicious website to run a Trojan Horse that steals banking passwords. The user receives a message spoofed from Microsoft. The email, which is written in Portuguese, offers a new version of the Microsoft Instant Messenger program. Upon clicking the link, the user is redirected to a malicious website that hosts a password-stealing Keylogger. When predetermined banking websites are accessed, the Keylogger (bancos.ju) logs keystrokes and sends them to a third party.
The website is hosted in the United States and was up and running at the time of this alert.