I’m writing this blog to demonstrate how the bad guys are getting better each day–or not, depending of your point of view.

Once again our topic is Brazilian malware authors. Yes, the dumb ones I keep running up against.

One of the recent versions of the PWS-Banker Trojan being distributed via spam has an interesting feature. First, let’s recall how those malwares usually spread:

This version of PWS-Banker, besides grabbing passwords and screenshots, will also download Microsoft MSN Messenger. Or an app that at least looks like Messenger.

When you enter your username and password and click enter, the app will exit. But, in the background it will message all your contacts on your behalf, sending nice notes with links.

Now, let’s play The Seven Errors Game. Below are two MSN Messenger login screens. (One is in Portuguese and the other is in English, but that is not one of the errors.)

and

Unfortunately I am not really being fair with you, because only one of the seven errors can be seen visually. The other six are found only by behavioral analysis.

Here are the answers, starting from the top and working downward.

1) The windows are different, and you can see the minimize/maximize/close buttons are different
2) The help icon is the same, but when you click on it, no option is clickable
3) The dropbox on the login name doesn’t work
4) The status drop box doesn’t work
5,6,7) The check boxes don’t work

Next time something unexpected pops up on your screen, don’t enter your data right away. Check and recheck before you believe it’s real.