If you have received an email with a confusingly long link to a supposed Wachovia site that looks like http://commercial.wachovia.online.financial.business….cashman766.com/Service.htm, delete it. It seems that users in Great Britain are receiving these messages. That page serves up the file “wachovia_certificatev102.exe”. Running it does not install any new Wachovia certificates.
Instead, this trojan downloads “cb_1.exe” and runs it, installing multiple password-stealing and rootkit components. The components themselves are not new, but this version of the fraudulent scheme is. The components, including 9129837.exe (Spyware.Papras) and new_drv.sys (Rootkit.Agent.ex), will steal all web form input (from any and all banks, for example) and almost any other stored passwords on the system, and send the data off to a server hosted in Singapore.
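The link above puts the bank's name in the leading subdomain labels while the domain that was actually registered sits at the far right. The following check for that pattern is an added example, not code from the original post; the function names, the small suffix set, the use of wachovia.com as the legitimate domain and the example.net sample hosts are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a tiny constructed stand-in for the Public Suffix List.
# Production code should consult the full list instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "com.sg"}


def registrable_domain(host):
    """Return the part of the host that was actually registered (naive)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, brand, legit_domains, max_labels=5):
    """Return the reasons a link looks like it impersonates `brand`."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    if reg in legit_domains:
        return []  # the brand really owns this domain
    labels = host.split(".")
    reasons = []
    if any(brand in label for label in labels):
        reasons.append(
            f"'{brand}' appears in the host, but the registered domain is {reg}")
    if len(labels) > max_labels:
        reasons.append(
            f"host has {len(labels)} labels, pushing the real domain out of view")
    return reasons


if __name__ == "__main__":
    # Constructed sample links; example.net is a reserved placeholder domain.
    samples = [
        "http://commercial.wachovia.online.financial.business.example.net/Service.htm",
        "https://www.wachovia.com/",
    ]
    for url in samples:
        findings = check_link(url, "wachovia", {"wachovia.com"})
        print(url, "->", findings or "no findings")
```
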