Zeus Botnet Sends Spam to Target MySpace Users

Security researchers at Trend Micro have claimed that they have detected spam e-mail sent by the Zeus botnet, which encourage users to update their MySpace accounts.

Rik Ferguson, Senior Security Advisor, Trend Micro, states that these spam e-mails resemble to fake Facebook e-mails discovered in the first week of November 2009 as they have also asked recipients to update their MySpace accounts by clicking on the given link, as reported by SCMagazine on November 12, 2009.

The link provided in the e-mails lead the recipient to bogus MySpace login page where his account details are pilfered. Moreover, if the recipient feeds in his account details on the page, MySpace Update Tool tricks him into installing a variant of the Zeus agent, said Ferguson. Trend Micro has named this variant TSPY_ZBOT.SMP.

Expressing his views on the issue, Mikko Hypponen, Chief Research Officer at F-Secure, said that once the e-mail recipient logged on, fraudsters gained accessed to his MySpace credentials. Now the question hogged in mind why they needed credentials; possibly to send malevolent links to friends and known ones who follow them without any kind of dubiousness, as reported by SCMagazine on November 12, 2009.

Rik Ferguson further commented that its very difficult for a budding cyber criminal to find a reliable partner. So if the person hired by the criminal to load his bot on victims' boobytrapped web page chooses to send his own package to their (victims) computers, the employer criminal would come to know about it, as reported by CounterMeasures on November 9, 2009.

Another interesting point about the fake e-mail is that it contains "readme" file. Explaining the new feature of e-mail, Ferguson stated that this spam distributor was providing a fully installed, configured and supported Zeus installation, injection scripts, agent builder and control panel for just US$ 320.

In the Facebook attack discovered during the first week of November 2009, the botnet distributed around 1000 phishing messages every minute from each domains used by it. During the process, 30 domains were being used. This means 30,000 messages were sent by the botnet every minute or 500 per second. Throughout the campaign, a huge total of 1.65 Million spam e-mails were dispatched.

Related article: Zeus Trojan Stole Huge Amount of Information

» SPAMfighter News - 11/24/2009