Zbot Trojans Spread Through New Spam Campaign

Security researchers at Trend Micro have found another malicious e-mail attack that is spreading Trojan Zbot by stating that they contain the recipients' photographs.

Displaying subjects like "some jerk has posted your photos" and "your photos," the e-mail tells the recipient that some person has placed his pictures on a website and e-mailed the corresponding link to all his buddies.

The purpose is to convince the recipient that the individual sending the e-mail is playing the "good Samaritan" by informing about the alleged photos posting. However, the URL leads to a site, which disseminates a malicious program detected by Trend Micro as TSPY_ZBOT.CJA.

Commenting on the Zbot malware, Internet security specialists state that the Trojan downloads security configurations and plants harmful programs on the infected PC. In fact, Zbot creates an enormous security flaw by which numerous harmful spyware and adware could be fed into the user's system.

Moreover, the Internet Security Business Unit of Computer Associates (another security company) reported the same spam attack and identified the malicious program as Win32/Zbot.

The security company states that if a person clicks on the web-link given in the e-mail, he would be taken to a malevolent website that insists the user to download a "PhotoArchive." PhotoArchive is a malicious installer that leads to a file -"PhotoArchive.exe" - a Trojan that steals passwords. If this file runs, it plants and runs its own copy as sdra64.exe inside the Windows System directory.

Thus, the security specialists suggest that users must keep watch on such types of e-mails and avoid viewing any unless they are sure of its content, no matter if its sender is an associate or friend. Further, they must use dependable and up-to-date software for blocking viruses. Students should choose an antivirus program, which is equipped with resident software for monitoring the program's activity while the computer is in use.

During the 3rd week of November 2009, authorities at the Manchester Police Central e-Crime Unit and Greater Manchester Police arrested a couple as it maliciously used Zbot.

Related article: ZBot Trojan Proliferating Inside Facebook: Trend Micro

» SPAMfighter News - 12/7/2009