Dell SecureWorks Warns of Spam E-mails Spreading Gameover ZeuS Trojan
According to the Counter Threat Unit of Dell SecureWorks, a new spam campaign is spreading among Internet users and company users, with the perpetrators reportedly leveraging Gameover ZeuS, the Trojan that steals banking information. The Cutwail botnet appears to be sending the spam e-mails, they add.
The malicious e-mails tell recipients that a new encrypted message has been sent to them from a particular bank.
More precisely, the e-mails state that the recipient has a secure e-mail from the bank [bank's name], which takes their privacy seriously. [Bank's name] uses this secure method to send and receive e-mails containing a person's private details. The e-mails conclude that recipients must open the attachment to read the secure message, which should be downloaded and saved.
But the attachment contains a downloader named Pony which, if run, downloads and loads Gameover.
Dell SecureWorks' researchers note that many banks' names have been used in the spam campaign, whose numerous variants prompt users to open the attached archive.
Senior Security Researcher Brett Stone-Gross from Dell SecureWorks says that the spam has by now caused more than half a million infections. Help Net Security published this on December 6, 2012.
The infected PCs are added to a huge P2P botnet that mounts Distributed Denial-of-Service attacks on banking institutions while fund thefts are in progress.
Meanwhile, unlike other ZeuS botnets, which have C&C (command-and-control) systems, the P2P botnet is difficult for law enforcement and security teams to take down. It has also plagued plenty of business computers as well as computers of government agencies, defense contractors and universities.
According to Dell SecureWorks, it is important to train employees not to follow any web link or open any attachment sent by e-mail, even if the source is known. Dell SecureWorks spokesperson Elizabeth W. Clarke said that one must always verify the authenticity of the e-mail sender. Searchsecurity.techtarget.com published this on December 5, 2012.
Moreover, according to Ms. Clarke, users must keep their Intrusion Detection System/Intrusion Prevention System and firewalls up to date so that they identify the most recent e-threats.
» SPAMfighter News - 13-12-2012