Spam Mails Masquerading as Christian Liberty Financial Serve Trojan
Cisco Security Intelligence is warning about bulk unsolicited e-mails that purport to come from an organization named Christian Liberty Financial but in reality distribute a well-known destructive Trojan called Bredo, Softpedia.com reported on April 2, 2012.
Bearing the caption "Check from Christian Liberty Financial, Mon, 2 April 2012 12:33:29 +0100," the spam mail says it is giving advance notice of payments to be deposited for shopping, vouchers, rent and vacation, and refers to an attachment carrying a secret security number, viz. "SODK2YP7-EO7O-BIVU-8395-4NVDN6VX6O1S", as well as a payment fee of USD 5,000.
Additionally, the fraudulent phishing e-mail provides an address, "CAN-SPAM Complaint, E.M.G, 341 Raven Circle, Wyoming, DE 19934", for the user to obtain instant processing by following the allegedly attached instructions.
The message body also tries to persuade the reader to click on the attachment, apparently to see the check's particulars. But the attachment, a zipped archive, actually contains a malicious executable which, when run, installs malware onto the user's computer.
Specifically, the zipped archive, named Your_Check_Details-8857777_042012.zip, contains a harmful .exe file that is actually a variant of ICE IX ZeuS. This variant connects to a central C&C (command-and-control) server hosted on the domain bluesbars.ru to receive an encrypted configuration file named 'setusating.bin'. However, when the server was tested, no configuration file was generated.
Moreover, although the attached compressed archive promises the end-user's check particulars, it actually infects the computer with malware that Sophos identifies as Mal/BredoZp-B.
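The delivery method described above (a ZIP attachment whose only purpose is to carry an executable) can be caught at the mail gateway by listing archive members without extracting them. The following is an added example, not code from the article or from any vendor it names; the extension list, the sender and recipient addresses, the use of the caption as the Subject header and the file name inside the archive are assumptions, and the sample message is constructed with a harmless payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (an assumption; tune per site).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")


def executable_members(zip_bytes):
    """Return names of executable-looking files inside a ZIP, without extracting."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def scan_message(raw):
    """Map each ZIP attachment name to the executables found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Trust content over the declared name: ZIP local-file magic is "PK\x03\x04".
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            hits = executable_members(payload)
            if hits:
                findings[name] = hits
    return findings


def build_sample(member_name):
    """Constructed sample: caption and archive name from the article, harmless payload."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, b"harmless placeholder bytes")
    msg = EmailMessage()
    # The article's caption, used here as the Subject header (assumption).
    msg["Subject"] = "Check from Christian Liberty Financial, Mon, 2 April 2012 12:33:29 +0100"
    msg["From"] = "sender@example.com"  # placeholder address
    msg["To"] = "user@example.com"      # placeholder address
    msg.set_content("Please see the attached check details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Your_Check_Details-8857777_042012.zip")
    return msg.as_bytes()
```

Member names remain readable in a password-protected ZIP, so the same listing works when the archive contents are encrypted.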
The described bulk e-mail scam was observed earlier, in December 2011, which suggests that it proved successful at that time and is why the spammers are repeating the same messages.
But security researchers state that nobody will ever send anybody checks by e-mail, particularly ones worth several thousand dollars and without any apparent reason.
Hence, Internet users are advised to remain vigilant about notices touting Christian Liberty Financial checks, keep their anti-malware programs up to date, and apply common sense when viewing uninvited e-mails that come from nowhere and sound too good to be true.
» SPAMfighter News - 12-04-2012