This seems like a variation of a sequence in a movie in which the gunman shoots the convenience store clerk for not responding fast enough to his demand for cash. The Asprox phishmail is designed to steal bank logon information; if a user is ill-informed enough to actually enter what appears to be real bank data, the browser is redirected to the fake bank Website. But if the would-be victim is feeling a bit venomous and enters a username like “phish” or some workplace-inappropriate language, his or her browser is subjected to a range of retaliatory exploits, including a copy of Asprox, which turns the machine into a node in the botnet, as well as the Asprox downloader, which can install all sorts of goodies.
SecureWorks’ Joe Stewart, director of malware research, is certainly prolific in his revelations about malware affecting banks and bank clients. But this find, released this week, reveals this group of hackers to be pretty vengeful characters.