Researchers Detected Terrorism-based Malicious E-mails
In the third week of June 2010, security researchers at 'Sophos' cautioned that Trojan-embedded e-mails had been circulating on the Internet and catch users attention by claiming to provide 'official terrorism information.'
In a blog post, Savio Lau (a SophosLabs Canada Researcher) states that the e-mails are designed to look like they have originated from the US Department of Homeland Security, Pentagon or Transportation Security Administration, as per the news by securecomputing on June 21, 2010.
The subject lines of these e-mails are quite fearsome - "Report on Defending and Operating in a Contested Cyber Domain," "RE:Al-Qaeda in the Arabian Peninsula (AQAP)," "FOR OFFICIAL USE ONLY," etc. The e-mails reportedly have some text that talks about the subject of the report and two links that indicate to report.zip.
Sophos researchers state that when a file is unzipped, it discloses report.exe. The file attempts to pass on as a report, but in reality, it is a Zbot Trojan.
The researchers claim that Trojan.Zbot is a Trojan horse that lowers security settings and leaves files on the hacked system. Trojan.Zbot is designed to open a big security loophole through which several harmful spyware and adware entered the user system. Moreover, Trojan.Zbot opens a backdoor that enables the hacker to gain control over the hacked system. In this way, the banking or financial details saved on the system were attacked - implying a major security risk.
In the present case, the variant of Zbot Trojan found by the Sophos researchers is reportedly 'Troj/Zbot-RA.'
Highlighting the fast spreading new malware campaign, Lau states that unlike some of the other Zbot seen earlier, this one is comparatively low volume. Yet, this technique of Zbot is not a new one.
In conclusion, Lau writes that even if someone works for these agencies, they should not get reports of this kind. Users should stay alert and thus ignore these spam campaigns.
» SPAMfighter News - 29-06-2010