Bancos Dropper

ThreatFire users in Brazil are being attacked with yet another Bancos dropper/downloader.

The source of the file, “jk982732-2309.zip”, which extracts simply to an aspack’ed “jk982732-2309.exe”, is not entirely clear at this point. If any of our users have seen this file prevented on their desktop, please contact us on the forums or here in the comments with some information on its source and any IM messages or email related to this file.

A dead giveaway that something is unusual is the “Google Inc” file company name property, along with the Microsoft MSN butterfly icon:

Another giveaway that something is amiss is that the file also attempts to download components from free web hosting site “nofeehost.com” that masquerade as Brazilian security Buster Browser Defense components.

Any further information from users would be welcome.

This entry was posted in The Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>