Websense Security Labs ThreatSeeker Network: Erste Securities in Poland is hosting malicious code
September 2008 by Websense
Websense® Security Labs ThreatSeeker Network has discovered that the web site of Erste Securities in Poland is hosting malicious code. Erste Securities Polska S.A. represents the Erste Bank group in Poland - one of the largest Austrian banking groups and a leading financial services provider. Erste Bank is a retail bank in Central Europe based in Vienna, Austria, and operating in Austria, Bosnia and Herzegovina, Croatia, Czech Republic, Hungary, Romania, Serbia, Slovakia, and Ukraine.
The malicious code is named foto.exe, but uses the default JPG icon on Windows XP to disguise itself from appearing as a Windows executable. Upon execution, the malware (SHA1: 0f7151400dbb7ecf5f9e7a4dc7947891) downloads a keylogger/password stealer Trojan banker, that steals personal financial information.
Websense Messaging and Websense Web Security customers are protected against this attack.