Spam Offering So-called ‘Microsoft update’ Delivers Trojan

According to a warning from Trend Micro the security company, a recent surge of spam mails state that they have an important update for Microsoft Outlook, however, they try to install Trojan ZBot onto users' computers to steal their information.

A typical message from the spam outbreak which was first spotted on June 19, 2009 claims that the update being offered is critical as it provides the recipient with the most recent edition of Microsoft Outlook Express/Outlook together with the maximum amount of security and stability.

The e-mail then directs the recipient to go to the "Microsoft Update Center" through a given link but an attempt to do that leads to the download of the ZBot Trojan also called Zeus, said threat researcher Ivan Macalintal at Trend Micro that SCMagazineUS.com published on June 22, 2009.

Describing the ZBot Trojan, Macalintal said it is an infamous information stealer. When it is executed, the Trojan makes its own copy onto an infected PC and crafts a pair of files. One of the files is encrypted which the Trojan pulls down from a distant server, while the file carries the botnet controller's commands. These commands include a catalog of banking institutions and various websites particularly social-networking sites that the Trojan would monitor. The catalog thus includes Bank of America, MySpace, Facebook, Wachovia and Flickr, Macalintal said.

Meanwhile the URL mentioned for downloading the so-called "critical update" appears legitimate, although balancing the mouse on the hyperlink reveals an entirely different destination.

Besides, according to Trend Micro, the URL results in a Trojan download that in turn downloads a .bin type of file that mentions the place for making a download of the latest version of the Trojan and also the place for sending the captured data.

Historically, cyber miscreants have always been devising new methods for tricking end-users into downloading their malware and surrendering sensitive personal information. So also in a recent instance, during very early June 2009, the authors of the ZBot Trojan designed a novel theme in a spam campaign that deceitfully advised computer users that they needed to re-configure their Microsoft Outlook Express/ Outlook.

Related article: Spam Scam Bags a Scottish Connection

» SPAMfighter News - 03-07-2009

All SPAMfighter products offer a free trial!

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail, Windows Live Mail and Thunderbird.

Optimize your Slow PC for better performance. Try FREE scan now

Disk space recovery
and disk optimization. Try FULL-DISKfighter free

SPAMfighter Exchange Module is a Spam filter for Exchange server - Free 30 days trial.

Remove Spyware with SPYWAREfighter - Free 30 days trial

Antivirus software for your Windows PC - Free 30 days trial