FedEx Name Used to Spread Malware, Says BitDefender
Researchers at BitDefender, an online security company, have spotted a new surge of spam e-mails that misuse delivery company FedEx's name to trick users into downloading extremely destructive malware onto their computers.
According to the researchers, the spam e-mail informs the recipient that FedEx could not deliver a package that was sent in July 2008. It also asks the reader to open an attached file and print out the invoice from it so that he/she can collect the undelivered parcel. However, instead of containing the supposed invoice, the attachment holds extremely destructive malware called Trojan.Spy.Zbot or its variant named Trojan.Spy.Wsnpoem.HA.
Moreover, the security specialists say that the malware is specifically designed to capture sensitive e-banking details. Once it has entered a computer, the malware installs itself in the Windows\System32 directory, where it creates a wsnpoem folder with a hidden rootkit. This folder is subsequently filled with an encrypted ntos.exe along with video.dll and audio.dll, the two DLLs being used for storage and configuration purposes.
The malware also creates a new registry entry that lets it run every time Windows starts up. It further harvests sensitive e-banking data by injecting malicious code into the iexplorer.exe and winlogon.exe processes while downloading one or more files stored on a remote server. It then uses these files to store the information it collects by intercepting the user's browser activity.
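As an added defender's example (not code from the article or from BitDefender), the following Python triages a constructed host inventory for the artefacts described above: the dropped files, an autorun entry referencing ntos.exe, and a module from the wsnpoem folder loaded into one of the named processes. The inventory format and the autorun key location are assumptions, since the article names neither.

```python
# Added example: triage a constructed host inventory for the Zbot/Wsnpoem
# footprint the article describes. Assumed inventory shape (not from the page):
# file paths, (key, value, data) autorun entries and {process: [module paths]}.
import ntpath

DROP_DIR = r"\windows\system32\wsnpoem"             # hidden folder named in the article
DROPPED_FILES = {"ntos.exe", "video.dll", "audio.dll"}
# The article writes "iexplorer.exe"; Internet Explorer's real image name is
# iexplore.exe, so both spellings are treated as injection targets.
INJECT_TARGETS = {"iexplore.exe", "iexplorer.exe", "winlogon.exe"}

def _norm(path: str) -> str:
    return path.replace("/", "\\").lower()

def scan_files(paths):
    """Flag the dropped files by name, and anything at all under the wsnpoem folder."""
    return [("file", p) for p in paths
            if DROP_DIR in _norm(p) or ntpath.basename(_norm(p)) in DROPPED_FILES]

def scan_autoruns(entries):
    """The article does not name the autorun key, so any autorun data that
    references ntos.exe is a hit regardless of where it lives."""
    return [("autorun", f"{key}\\{name} = {data}")
            for key, name, data in entries if "ntos.exe" in _norm(data)]

def scan_modules(proc_modules):
    """A module loaded from the drop folder is 'injection' when the host process
    is one the article names, and a weaker 'suspicious_load' in any other process."""
    hits = []
    for proc, mods in proc_modules.items():
        kind = "injection" if proc.lower() in INJECT_TARGETS else "suspicious_load"
        hits += [(kind, f"{proc} <- {m}") for m in mods if DROP_DIR in _norm(m)]
    return hits

def triage(files, autoruns, proc_modules):
    """Return all findings as (kind, detail) tuples, sorted for stable output."""
    return sorted(scan_files(files) + scan_autoruns(autoruns) + scan_modules(proc_modules))

# Constructed sample inventory, not real telemetry.
SAMPLE_FILES = [r"C:\Windows\System32\kernel32.dll", r"C:\Windows\System32\ntos.exe",
                r"C:\Windows\System32\wsnpoem\video.dll"]
SAMPLE_AUTORUNS = [("HKLM\\...\\Run", "Updater", r"C:\Program Files\Vendor\update.exe"),
                   ("HKLM\\<autorun key, placeholder>", "<value>", r"C:\Windows\System32\ntos.exe")]
SAMPLE_MODULES = {"winlogon.exe": [r"C:\Windows\System32\winlogon.exe",
                                   r"C:\Windows\System32\wsnpoem\video.dll"],
                  "explorer.exe": [r"C:\Windows\System32\wsnpoem\audio.dll"]}

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_FILES, SAMPLE_AUTORUNS, SAMPLE_MODULES):
        print(f"[{kind}] {detail}")
```

Running the sample yields one autorun, two file, one injection and one suspicious_load finding; the clean kernel32.dll and update.exe entries are not flagged.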
Head of BitDefender Antimalware Research, Sorin Dudea, said that ZBot and its other variants have the potential to cause huge damage, as they can disable firewalls, grab sensitive financial information like bank account and credit card numbers, steal log-in details, take screen shots and create logs of existing working sessions, as reported by MarketWatch on August 27, 2008.
Dudea further said that ZBot is also able to download additional components and to give a remote attacker access to the compromised system. Hence, it is strongly recommended that users avoid opening both the spam mails and their attachments. In addition, they should install and run a reliable firewall as well as anti-malware and anti-spam solutions.
» SPAMfighter News - 03-09-2008