Mal/VB-AER is a dangerous backdoor Trojan that is often associated with malware in the Zbot family. This family is a well-known group of banking Trojans designed to steal sensitive banking data like credit card numbers and online banking account passwords. Mal/VB-AER has been associated with several spam email campaigns designed to trick inexperienced computer users into clicking on malicious embedded links or downloading email attachments disguised as harmless files. The most recent Mal/VB-AER-related attack, as of the writing of this, was detected in July of 2012 and is aimed at French-speaking computer users. If you have opened an email attachment contained in an unsolicited email message, ESG security researchers strongly recommend running a full scan of your computer with a reliable anti-malware program. Your computer system may have been exposed to Mal/VB-AER or other malware associated with this threat.
Taking advantage of human nature and the universal appeal of revealing photographs of attractive people, criminals often disguise their malware as revealing photographs in a variety of contexts. There are countless examples of this tactic, from supposedly leaked photographs of supermodels to paparazzi pictures of celebrities offered via malicious email messages or through Facebook and other social networks. Oblivious to the probable threat behind these tactics, inexperienced computer users are more likely to click on these supposed pictures. However, except for a few very specific cases, ESG security researchers can state with confidence that an unsolicited email message claiming to contain naked or revealing pictures is almost certainly hiding malware similar to Mal/VB-AER. While this sounds like common sense, new computer users fall victims to these kinds of scams every single day.
The Mal/VB-AER scam in particular recently uses an email message with the subject line 'Facebook' and a message written entirely in French. However, unless you are a French speaker, you will not notice that the French used in this email message is wrought with grammar and spelling errors and was probably created with a machine translator. A rough translation of Mal/VB-AER's message reveals that it supposedly contains revealing photos, which can be accessed by opening a ZIP file encrypted with the password 123456. Opening this archive actually runs Mal/VB-AER and a Trojan in the Zbot family of malware. Mal/VB-AER installs a backdoor into the victim's computer system which criminals can then use to obtain unauthorized access to the infected PC.
File System Details
This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.