Freely subscribe to our NEWSLETTER

Sinowal.WRN is a Trojan that collects all possible information from computers. By making a series of registry entries it goes resident on the system, gathering and sending all the data it finds.

It reaches users in an email claiming that there is an H1N1 virus vaccination program and that everyone should register their personal details for monitoring purposes.

The email includes a link to download the electronic document needed to create the personal vaccine profile.

In just a few days, our technical department has received more than 10,400 reports of these emails, which have a variety of subject fields.
If users click on the link, they are taken to a Web page where they are asked to download a document in order to create their vaccination profile. Running this file infects the computer with Sinowal.WRN, which is designed to steal confidential information. The information is then stored in files which are later sent to the creator of the malware.

Banbra.GLS is a banker Trojan designed to steal bank details of users that access certain Brazilian bank websites. It arrives in a file which, when run, displays a browser window with a spoof image of a PayPal invoice.

TDSS.CZ is a Trojan which can reach users as an attachment to an email. This file is called flashupdate, and it has a typical installer icon. This is designed to trick users into installing the supposed update.

When the file is run, the only thing that users will notice is that the file disappears. Yet it hasn’t really disappeared, it has just been hidden (as it has rootkit characteristics). The process is still running however, transparently to users and to the system.