LogMeIn Subscribers Cautioned about Phishing E-mails
According to MX Lab a security research company in Belgium, LogMeIn subscribers have been asked for being vigilant about phishing e-mails supposedly from the organization.
It maybe noted that the public company LogMeIn offers computer programs that work like service-oriented remote interconnection, partnership, as also support solutions benefiting both individual customers and enterprises.
Using a header "LogMeIn Account Notification -Account locked," the fraudulent e-mail is designed to disseminate malicious software.
The notification addressing any LogMeIn subscriber tells that owing to many failed trials for logging in, it was necessary to lock his LogMeIn.com account. In detail the e-mail describes the event as that of locked account; origin -a website; time-and-date -4:46am, 3/6/2013; and IP address -18.104.22.168.
It then tells that the user can regain his account by following a given web-link to fill out the 'unlock' form. Thereafter, he requires sending a scanned replica of the form at email@example.com. The e-mail requires no reply since it is dispatched from an unmonitored id, the message adds.
For more help, the user can visit a web-link and its section -LogMeIn Support. Ultimately, the e-mail writes "LogMeIn.com Support" as the signing off moniker.
Unfortunately, the web-address produces one zipped archive (logmein_unlock_form.zip), which has another huge file (logmein_unlock_form.pif).
MX Lab said the Trojan was Trojan-Spy:W32/Zbot.BBHD, an edition of Win32/Kryptik.ASTO, Trojan.Win32.Agent.AMN (A), Troj/Agent-AANP, Trojan.Zbot, or UDS:DangerousObject.Multi.Generic. According to the company, 5 anti-virus scanners from the total 46 of Virus Total could catch the Trojan.
Its installation resulted in one undesired process, many Windows registry alterations, while the malware made a link with certain port 80-hosted domain.
Subscribers of Logmein.com along with Docusign.com a provider of electronic signature began reporting about probable hack into client information following malicious electronic mails into accounts they created solely associated with those firms during December 2012. The two firms, however, state not having located any clue about a data-hack hitherto.
During July 2012, consumers of DropBox.com a sharing and file-syncing provider similarly reported about junk e-mails into ids they created solely for DropBox. Formerly, DropBox informed of 'nil internal hack,' however, after 2 weeks, it revealed that a worker's error resulted in the accidental leakage.
» SPAMfighter News - 14-03-2013