Websense® Security Labs™ has discovered malicious code hosted on a government body's official Web site. The victim is Comisión Federal de Telecomunicaciones, a division of Mexico's government (equivalent of the FCC in the United States). The main page of this Mexican government Web site does not contain anything malicious. However, when a user visits http://prospectiva.cft.gob.mx/, an .scr file is downloaded. After execution, the .scr file drops a suspiciously named executable into the Windows startup directory for all users. The executable downloaded from this government site is malicious. The newly installed malware collects user information and sends it back to the original source of the executable.

[Screenshot]

The exact path to the .scr file is:

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\MY_LOVE.EXE

[Screenshot]

The author of this malicious executable took an additional step in disguising this file by adding company version information and claiming to come from “Microsoft Corporation”. At the same time this file is dropped, an SMTP connection to one of Gmail's servers is made.

[Screenshot]
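Two host-side signals in this alert are cheap to check on a Windows machine: an executable sitting in the all-users Startup folder, and version information that claims "Microsoft Corporation" on a file that Microsoft never signed. The PowerShell script below is an added example written for this page, not code from Websense or from the sample itself; it enumerates both the all-users and per-user Startup folders, reads each file's version resource, and compares the claimed company against the Authenticode signer. The folder path is resolved through the CommonStartup special folder, which on Windows XP maps to the C:\Documents and Settings\All Users\Start Menu\Programs\Startup path quoted above and to C:\ProgramData\...\StartUp on later versions. The file extension list is an assumption of the example. The outbound SMTP connection to Gmail that the alert mentions is a separate, network-side signal (unexpected port 25/587 traffic from a workstation) that this host check does not cover.

```powershell
# Added example (not from the Websense alert): audit Windows Startup folders for
# executables whose version info claims "Microsoft Corporation" but that carry no
# valid Microsoft Authenticode signature, the disguise described above.

function Get-StartupFolderPaths {
    # CommonStartup is the all-users Startup folder (on Windows XP this resolves to
    # C:\Documents and Settings\All Users\Start Menu\Programs\Startup);
    # Startup is the current user's own folder.
    @(
        [Environment]::GetFolderPath('CommonStartup'),
        [Environment]::GetFolderPath('Startup')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
}

function Test-SuspiciousStartupItem {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    # Version resource (CompanyName etc.) is attacker-controlled metadata;
    # the Authenticode signature is what actually ties a file to a publisher.
    $version = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($File.FullName)
    $sig     = Get-AuthenticodeSignature -FilePath $File.FullName

    $claimsMicrosoft   = $version.CompanyName -match 'Microsoft'
    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path            = $File.FullName
        CompanyName     = $version.CompanyName
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # A claimed Microsoft origin without a Microsoft signature is the mismatch to investigate.
        Suspicious      = $claimsMicrosoft -and -not $signedByMicrosoft
    }
}

function Get-SuspiciousStartupItems {
    # Extension list is an assumption of this example; extend it to taste.
    $runnable = '.exe', '.scr', '.com', '.pif', '.bat', '.cmd', '.vbs', '.js'
    Get-StartupFolderPaths | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in $runnable }
    } | ForEach-Object { Test-SuspiciousStartupItem -File $_ }
}

# Report: anything executable in a Startup folder deserves a look; mismatches first.
Get-SuspiciousStartupItems |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize Path, CompanyName, SignatureStatus, Suspicious
```

Run it from an elevated PowerShell session so the all-users folder is readable, and treat any row with Suspicious set to True (or any file you cannot account for in those folders at all) as an incident-response lead rather than a verdict; a legitimately unsigned third-party tool will also show up, which is why the output keeps the path and signer for triage.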