NEWS FROM THE LAB - Tuesday, May 3, 2011

Yes, Fotos_Osama_Bin_Laden.exe is Malware
Posted by Mikko @ 08:29 GMT

We have just received the first samples of malware trying to ride on the death of Osama bin Laden.

A file called Fotos_Osama_Bin_Laden.zip is being spammed via e-mail. The archive contains a file called Fotos_Osama_Bin_Laden.exe (md5: d57a1ef18383a8684c525cf415588490).


Of course, running this file won't show pictures of a dead bin Laden. Instead, it executes a banking trojan belonging to the Banload family. It installs itself on the system (as msapps\msinfo\42636.exe) and starts monitoring your online banking sessions (via a Browser Helper Object, or BHO), trying to redirect your payments to the wrong accounts.

We detect this one as Trojan-Downloader:W32/Banload.BKHJ.
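
A mail-gateway style check for the delivery described above (a ZIP attachment carrying an .exe), added here as an example and not F-Secure's code: it flags executable members of an archive and compares their MD5 with the hash given in this post. The function names, the extension list, the size limit and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# MD5 of Fotos_Osama_Bin_Laden.exe as published in this post.
KNOWN_BAD_MD5 = {"d57a1ef18383a8684c525cf415588490"}
# Assumed list of extensions that Windows runs on double-click.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed limit: never unpack huge members


def scan_zip_attachment(data, known_md5=KNOWN_BAD_MD5):
    """Return [(member_name, md5_or_None, reasons)] for suspicious members."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", None, ["unreadable-zip"])]
    with archive:
        for info in archive.infolist():
            reasons = []
            # Windows ignores trailing dots and spaces in file names.
            if info.filename.lower().rstrip(". ").endswith(EXECUTABLE_EXTS):
                reasons.append("executable-extension")
            digest = None
            if info.flag_bits & 0x1:
                reasons.append("encrypted-member")  # cannot hash without password
            elif info.file_size > MAX_MEMBER_BYTES:
                reasons.append("oversized-member")
            else:
                digest = hashlib.md5(archive.read(info)).hexdigest()
                if digest in known_md5:
                    reasons.append("known-bad-md5")
            if reasons:
                findings.append((info.filename, digest, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: harmless bytes under the file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Fotos_Osama_Bin_Laden.exe", b"constructed harmless bytes")
        z.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for name, digest, reasons in scan_zip_attachment(build_sample_zip()):
        print(name, digest, ",".join(reasons))
```

The extension check catches the archive even when the payload is repacked and its hash changes; the MD5 match only confirms this exact sample.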

As general advice: it's unlikely you'll find pictures or videos of Bin Laden's death online, but searching for one will certainly take you to sites with malware. Take care.