False notification of fines and banking Trojan for Argentine users

A fake email is circulating that simulates being sent by the Argentine government's traffic division, the attackers' goal is to make victims believe they were fined for them to download some alleged photos of the infringement.

The mail looks like this:

Click to see larger

The included links download a file calledNotificacion.exe which is actually a Trojan, according to an analysis carried out by Segu-Info.com.ar it is a banking trojan seeking to steal accounts from various entities. When the victims try to access their Home Banking, the malware hijacks the browsers, instead showing a false window that simulates that of the bank.

Although the deception is easy to detect, many users believe it and even think that there is something wrong with the photos because they cannot open them.

Always remember to have watch out for links received and any kind of download that you are going to make, either attachments or file links. In this case the deception is quite evident because it is executable (.exe), but keep in mind that the malware can also be camouflaged in other file types such as specially manipulated Word, Excel and PDF documents.

For example, in a context of supposed fines, they could send you an invoice to print and even if the files are actually .pdf or .doc to appear less suspicious, the computer could easily become infected simply by opening them.

Thanks Gustavo for sending it!

See also: Common sense prevented fraud (banking Trojan on infected computer).