TrojanPWS.Fareit.gen is a password stealing Trojan that arrives in users inboxes as an attachment under a variety of names including sales.zip, tax_doc.zip, etc. The email has a forged Sender and contains various Tax related Subject lines including, “FW: 2010 and 2011 Tax Documents; Accountant's Letter”.
The Trojan contains password stealing abilities and after execution it is coded to look to various websites for either [a] further instructions or [b] to download additional malicious files. The URL’s listed inside the malicious code at this time are inactive. As a precaution, Thirtyseven4 has proactively blocked these targeted domains via our Browser Protection module should they become “active”.
Here is an example screenshot:
“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4
