MX Lab Reveals Revamp of ZBot Trojan
MX Lab has revealed a new Trojan campaign that spoofs the sender address "Federal Deposit Insurance Company (FDIC)".
MX Lab reported that the message carries the eye-catching subject line "FDIC: About your business account V3NV-9435223". The message tells the recipient that the sender holds bank-related information concerning them and that a file with this information is attached for reference. The attachment is said to include details on the acquiring bank, the ways in which accounts and loans are affected, and the ways in which vendors can file claims against the receivership.
The security experts confirmed that the attachment in the scam e-mail contains a well-known Trojan, ZBot. The zipped file bears the name FDIC_Information_About-your-business-account-07193.zip and holds the 205 kB file FDIC - Important Information About your business account.exe.
Commenting further on the spoof, the experts said the Trojan is similar to the one that appeared in the same month (December 2011) in spoofed e-mails referring to over 7000 stocks to select from on the US exchanges.
MX Lab had also reported on that scam e-mail, which had the subject "How To Beat The S&P500 By 5,420 pc Or MORE?, Wednesday, 7 Dec 2011 15:26:29 +0100, MAAIGNCPV5".
This email also included the attached Zip file bearing the name
The subject lines the scammer used in the two spoofed e-mails look more or less alike, except that the subjects appeared with a date stamp and a randomly generated combination of letters and numbers.
Experts at MX Lab recommend that netizens remain vigilant when receiving e-mail with attached files, which may carry Trojans or malicious spam.
» SPAMfighter News - 12/17/2011