Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go
-->

New Zeus Variant Attacks AOL Instant Messenger Users

Security researchers at Webroot, an antivirus company, have discovered that the infamous password-stealing Trojan 'Zeus' is attacking those people who use AIM (AOL Instant Messenger).

An e-mail is sent to users of the widely-accepted IM program. The e-mail tells the recipient that his AIM account has been deactivated and it will be deleted in the next 72-hours. However, if the recipient wants to continue using his account, then he has to download and install the most recent and critical update of the AIM system, the e-mail states.

For installing the update, the e-mail prompts the user to follow a link to download an apparently genuine file named aimupdate_7.1.6.475.exe. But the file actually installs a fresh Zeus variant.

Moreover, the captions in the fake e-mail vary from "Your AOL Instant Messenger account is flagged as inactive" to "Your AOL Instant Messenger account will be deleted" and "AOL Instant Messenger critical update."

Andrew Brandt, Lead Threat Research Analyst at Webroot, states that Zeus, or Zbot, has two functions. First - it helps controller to remotely take over a host computer and turn it into a bot. Second - it grabs passwords stored on the host computer, as reported by SCMagazine on January 25, 2010.

Brandt further states that the Trojan activates an iFrame injected into a website, which tries to exploit flawed editions of Adobe Reader so that the Zbot keylogger can be installed on the host computer. Once the web-page is accessed, the malware runs immediately, he adds. Webroot researchers also said that the iFrame ridden web-page apparently linked to an Internet Protocol address, which belonged to a phishing group in Russia.

Kelly Dowell, Executive Director of CUISPA (Austin, Texas), stated that Zeus, the banking Trojan, was dangerous because it was difficult to spot. Moreover, it led the user to the phishing site once he logged in, he said, as reported by Credit Union Times on January 12, 2010.

Meanwhile, the new Zeus attack uses the same infection technique as that of recent spam campaigns that spoofed the US Social Security Administration, MySpace, and Microsoft Outlook Express/ Outlook.

Related article: New Zealand Releases Code To Reduce Spam

ยป SPAMfighter News - 30-01-2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next