English Deutsch Español Français Italiano Portuguese Čeština Ελληνικά 中文(简体) 中文 (繁體) Tiếng Việt 日本語 ภาษาไทย Русский Български Nederlands Polski Svenska Norsk Dansk Suomi

McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

SPAMfighter is

Microsoft Gold Certified Partner

SPAMfighter also

Works with Windows Vista

SPAMfighter Exchange Module is Microsoft certified ".net connected".

Microsoft .NET Connected

ZBot Spammed Through Capital One Phishing Site

Trend Micro security researchers state that they have detected a weird amalgamation of the ZBot malware and a phishing scam targeting Capitol One in an extremely novel spam outbreak, as reported by Trend Labs on October 22, 2009. Capital One Financial Corp is a US-based bank holding organization specializing in home and automobile loans, saving products, banking and credit cards.

Describing the scam in detail, the security researchers said that people were getting an e-mail that addressed the recipient as 'Capital One Tower NetSM' or 'Treasury Optimizer User.'

It then stated that based on the newly issued clauses in the mutual Data Access Agreement among the recipient's organization and Capital One, a Digital Certificate would be given to the recipient's organization.

The message also added that since the data of client was private in character, could be accessed online from anywhere in the world and had the potential of being captured for fraud, it was essential that the system knew the user's authorization and identity.

However, if users click on the given link, they land on a phishing site where on entering the necessary details for logging in, a web-link is provided that supposedly downloads the digital certificate.

The link actually downloads a variant of ZBot that attempts at intercepting users' keystrokes, capturing their identifying details, particularly capturing their monetary or financial information. In addition, the malware captures the desktops' screenshots.

Furthermore, the ZBot variant steals everything contained in the Windows Protected Storage along with certificates that are held on the contaminated computer. It also steals usernames and passwords in connection with access to FTP and POP3 protocols.

The researchers said that the ZBot would begin its primary function of information theft after establishing a link with certain remote server and downloading an encrypted configuration file. The mentioned file would have an address to which the ZBot would subsequently upload the captured data phished on specified websites; another address for downloading the ZBot's yet another variant; and the address for downloading an additional configuration file.

» SPAMfighter News - 04-11-2009

SPAMfighter box shot

SPAMfighter is a free spam filter for Outlook, Outlook Express,Windows Mail and Thunderbird - Read more

Slow PC? Try SLOW-PCfighter

Optimize your Slow PC for better performance. Try FREE scan now.

 

Exchange spam filter

SPAMfighter Exchange Module is a spam/virus filter for Exchange server - Free 30 days trial

 

Spyware remover

Remove Spyware with SPYWAREfighter - Free 30 days trial

<<<>>>