"New Moon" Movie Attracts Malware Makers

These days, malware campaigns target pretty much anything that people are likely to search for on Google (in fact, some campaigns even target seemingly random searches).  One of the latest malware campaigns targets fans of the Twilight book series in anticipation of the upcoming movie New Moon.

As reported by ThreatExpert, the new Trojan (dubbed "PWS-CuteMoon" by McAfee) harvests passwords from a variety of e-mail and FTP client applications—including but not limited to Outlook, Thunderbird, Eudora, The Bat!, CuteFTP, FileZilla, and WS_FTP—and sends the stolen credentials to the malicious site newmoon-movie .net, which receives the data via the Cute News service.

PWS-CuteMoon is also detected as Trj/CI.A, Trojan-Downloader.Win32.FakeRean, TrojWare.Win32.PSW.LdPinch.Gen, and Win32/TrojanDropper.Agent.OKG, according to McAfee.

For more details, see ThreatExpert's blog post and automated analysis of the malware.  See also the Web of Trust (WOT) reports for these affiliated sites:

• http://www.mywot.com/en/scorecard/newmoon-movie.net
• http://www.mywot.com/en/scorecard/174.36.223.240
• http://www.mywot.com/en/scorecard/95.168.163.129