Trojans steal YM accounts to scam in Vietnam

With stolen Yahoo Messenger accounts, crooks chat with victims' friends, exploit information and buy a phone recharge card. At the same time, they spread the website link containing malicious code to continue the crime.

With stolen Yahoo Messenger accounts, crooks chat with victims' friends, exploit information and buy a phone recharge card. At the same time, they spread the website link containing malicious code to continue the crime.

Mr. Vu Trung Nghia, a victim of this new online scam, sent an e-mail to share with VnExpress about how he received the download link http://files.myopera.com/em . / tracnghiem.exe from friend. Some time after running this file, he suddenly received a message about the payment of phone scratch cards by buying before that he did not know. Some others complained about losing their e-mail password after he ' used it because of my inbox ' even though he didn't borrow from anyone. Asking back The new meaning of "asking for help" comes from a message from his YM nickname that he does not know.

Trojans steal YM accounts to scam in Vietnam Picture 1Trojans steal YM accounts to scam in Vietnam Picture 1 According to Nghia's description, his friend recounted that the hacker also had a " prelude " to visit, shouted for a conversation and then offered to buy a scratch card or a sim card with the value of 300-500 thousand dong. Then send the secret sequence to him. Some people have become victims because they think their friends are in real trouble.

Analysis of Bach Khoa Network Security Center (BKIS) shows that the criminal tool is the keylogger Trojan-type software (write the keyboard and mouse code) with a small size, only about 40 KB, pre-installed on the website. Hackers and camouflage in the form of a music file or entertainment test. When the victim runs the program, the Trojan will infiltrate the computer under the name explore.exe in the system folder, and create an explorer.dll file to record all keyboard and mouse actions of the user. , change parameters in the Windows Registry system to automatically run each time you start. After controlling the system, the Trojan automatically sends all user actions to the hacker e-mail.

' So, hackers have all the accounts and passwords that the victims are using on their computers, not just Yahoo Messenger, ' said Vu Ngoc Son, Head of the BKIS virus division. ' Acquire both a password store, hackers search on their computers and conduct phishing tricks '.

Son said the Trojan is not technically complicated, but the trick of those who use it is significant because it is easy to talk without causing suspicion to the victim. This scam has just appeared and there are no official statistics. However, network security experts also suggest users should be more alert in the near future because of their variations.

Hung Hai

4 ★ | 2 Vote