
Zbot Spammed Through Mailbox Deactivation Notice

As malware purveyors once again try to install the banking Trojan Zbot, also known as Zeus, on users' computers, Sophos Labs is tracking a spam outbreak that distributes the malware to end users with a claim that their mailbox has been deactivated.

Using the header "your mailbox has been deactivated," the spam mails pose as a notice from the recipient's own e-mail domain. Thus, the owner of the e-mail ID john.smith@example.com would get the spam mail from notifications@example.com.

The text of the spam mails states that the recipient is being contacted in connection with a strange act detected inside his mailbox. Consequently, it has been necessary to disable the mailbox, but it can be restored if the user unzips and executes the attached file named 'mailbox utility.' The e-mail then signs off, expressing regards from [domain name] technical support.

Graham Cluley, Senior Technology Consultant at Sophos, notes that the company has seen this trick before (posing as a message from a user's e-mail administrator) and that it keeps being used because of its sheer success, as reported by SoftPedia on November 18, 2009.

Cluley adds that users become alarmed when they feel they won't be able to use their e-mail to communicate with others online, and might rush to click on the attachment without considering that it could be malicious.

The attachment in the spam mails, labeled utility.zip, carries a malicious executable that Sophos identified as Mal/EncPk-LP. Dancho Danchev, an independent security advisor, states after carefully studying the malware that Mal/EncPk-LP is designed to install additional downloaders from different servers that ultimately lead to the installation of TrojWare.Win32.TrojanSpy.Zbot.Gen, as reported by SoftPedia.

Zbot, or Zeus, belongs to a group of advanced data-capturing Trojans that are capable of compromising Internet banking credentials as well as clandestinely shifting money from actual people's accounts to those of attackers. For these Trojans' creators, e-mail spamming appears to be the most preferred malware dissemination technique. Some similar recent scams had targeted Facebook users or UK cell-phone clients of Verizon and Vodafone.


» SPAMfighter News - 12/1/2009
