Zbot Malware Distributors Target Mobile Phone Users
According to security researchers at Sophos, an e-mail campaign is currently spamming messages to spread a fresh variant of Zbot. The e-mail messages attempt to dupe recipients into clicking on malicious attachments and downloading malware. The attachments apparently pretend to be records with which users may check the balance in their accounts.
The e-mails spoof their sender fields so that they seem to have arrived from firstname.lastname@example.org or email@example.com, and they carry the subject "Your credit balance is over the limit." Repeating the subject, the message body tells the user that their credit balance has exceeded the limit and that they therefore need to examine their payments with the help of an attached file containing the Balance Checker Tool.
The attached file is a zip archive named 'balancechecker.zip', which carries the banking Trojan Zbot. This malware, also called Zeus, belongs to a major group of information-stealing Trojans and has recently been used very successfully to steal money from both private individuals' and companies' bank accounts.
Commenting on the issue, Graham Cluley, Senior Security Researcher at Sophos, warned via a blog post that unwitting mobile phone users could be taken in by the message, probably because of the convincing Vodafone logo in it, unzip the compressed file, and infect their computers, as reported by Sophos on November 13, 2009.
Cluley further warned that users would be safest treating unsolicited files sent as attachments from unknown sources with suspicion every time. They must protect their PCs as well as their e-mail gateways by deploying up-to-date security software, so that hackers can be prevented from compromising their systems, luring them into frauds that lead to loss of money, or stealing their identities, he added.
According to a warning from security agencies, a lot of malware has been spread via e-mail during recent months, with the creators of Zbot in particular using this method in spam schemes with numerous themes.
Moreover, some attempts at distributing Zbot have purported to be an account update program for Facebook, a configuration utility for TheBat and Outlook, or a UPS/DHL invoice.
» SPAMfighter News - 24-11-2009