Security researchers have identified another interesting spam campaign, which exploits the reputation of large foreign financial institutions for the purpose of spreading malware. The malicious software, which is a new version of it Upatre Trojan (TROJ_UPATRE.YYKE), is displayed as a .MSG attachment, embedded in a second .MSG attachment. In this way cybercriminals try to bypass security defenses.
The second .MSG file in turn contains a ZIP file, which is supposed to contain something important information from the respective bank. When this file is opened on a Windows computer, the Upatre Trojan downloads a variant of the Zeus banking malware, ZBot, which aims to intercept users' bank account or card details, as well as a variant of NECURS.
NECURS is designed to disable features security of computers, for the purpose of installation backdoors in breached systems.
