Tuesday, November 24, 2009

Zbots Newest Strain

Just over an hour ago we began seeing the latest incarnation of the Zbot virus being spammed out to millions of email users. Today’s adaptation employs a common but effective social engineering tactic. The email alleges to be from a friend of yours warning you that someone has posted compromising pictures of you on the web and distributed said pictures to “all of your friends. One obvious flaw is that the random name that they sign the email with should be an unknown to you (unless they get really lucky). The link provided in the message takes you to a website where you can view these photos of yourself. The website contains a download for “PhotoArchive.exe” which is in fact a copy of the Zbot banking Trojan. In the first hour we have seen over 250,000 of these messages. Here is a list of domains that are hosting the malicious payload.

· salikuv.eu
· salikue.eu
· salikuy.eu
· salikuk.eu
· salikuc.eu
· salikui.eu
· salikuf.eu
· salikuh.eu
· salikuu.eu
· salikur.eu
· salikub.eu
· salikus.eu
· salikuj.eu

Here is the message and landing page:

Run-on sentences by, Troy Gill at 12:03 PM

Labels: , , , , ,

1 comments:

Chris said...

Just been contacted via Facebook email with this scam... hosted here http://colegionsdosremedios.com.br

November 26, 2009 5:00 AM

Post a Comment

Subscribe to: Post Comments (Atom)