Mal/VB-AER

Mal/VB-AER Description

Mal/VB-AER is a dangerous backdoor Trojan that is often associated with malware in the Zbot family. This family is a well-known group of banking Trojans designed to steal sensitive banking data like credit card numbers and online banking account passwords. Mal/VB-AER has been associated with several spam email campaigns designed to trick inexperienced computer users into clicking on malicious embedded links or downloading email attachments disguised as harmless files. The most recent Mal/VB-AER-related attack, as of the writing of this, was detected in July of 2012 and is aimed at French-speaking computer users. If you have opened an email attachment contained in an unsolicited email message, ESG security researchers strongly recommend running a full scan of your computer with a reliable anti-malware program. Your computer system may have been exposed to Mal/VB-AER or other malware associated with this threat.

Taking advantage of human nature and the universal appeal of revealing photographs of attractive people, criminals often disguise their malware as revealing photographs in a variety of contexts. There are countless examples of this tactic, from supposedly leaked photographs of supermodels to paparazzi pictures of celebrities offered via malicious email messages or through Facebook and other social networks. Oblivious to the probable threat behind these tactics, inexperienced computer users are more likely to click on these supposed pictures. However, except for a few very specific cases, ESG security researchers can state with confidence that an unsolicited email message claiming to contain naked or revealing pictures is almost certainly hiding malware similar to Mal/VB-AER. While this sounds like common sense, new computer users fall victims to these kinds of scams every single day.

The Mal/VB-AER scam in particular recently uses an email message with the subject line 'Facebook' and a message written entirely in French. However, unless you are a French speaker, you will not notice that the French used in this email message is wrought with grammar and spelling errors and was probably created with a machine translator. A rough translation of Mal/VB-AER's message reveals that it supposedly contains revealing photos, which can be accessed by opening a ZIP file encrypted with the password 123456. Opening this archive actually runs Mal/VB-AER and a Trojan in the Zbot family of malware. Mal/VB-AER installs a backdoor into the victim's computer system which criminals can then use to obtain unauthorized access to the infected PC.

Technical Information

File System Details

Mal/VB-AER creates the following file(s):
# File Name Size MD5
1 DC24154.exe 300,872 4c699216537e50a9db96a0b35ebc17b7

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.