Last month, Symantec detected a spam campaign mainly targeting financial institutions, which used social engineering to try trick victims into installing “virus detection software” that was in fact an information stealing Trojan (W32.Difobot).
The emails purported to come from HSBC, a banking and financial services company based in London, even displaying an @hsbc.com email address. The messages claimed that the virus detection software was Rapport from Trusteer, a legitimate security program designed to protect online bank accounts from fraud. However, the fake Rapport software is actually malicious and, if installed, does the opposite of what is claimed and steals information from the compromised computer. The malware also uses Windows GodMode in order to hide itself on infected computers.