A new campaign just started up involving fake Dropbox password reset emails. The emails show a sad computer face and claim that the recipient has requested a password reset and that their old password is now “dangerous”.
The email itself contains a link that, when clicked, leads the user to a page saying their browser is out of date and needs to be updated.
Clicking anything on the linked notification page downloads a file, ieupdate.exe. The file is a Trojan that is part of the Zeus family. The links in the email messages came from 54 unique domains, but all of the download links on the browser-out-of-date pages that actually deliver the malware were hosted at dynamooblog.ru, which was registered yesterday (on a side note, the name is somewhat similar to that of the security blog at blog.dynamoo.com).
As always, take extreme caution when you get any password or banking emails out of the blue. Always check where their links may lead you and what information they may be asking for.
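The "check where the links lead" advice can be automated at a mail gateway or during triage. The following is an added example, not part of the original post: it parses a message, extracts every link, and flags those that leave the domain the email claims to come from. The trusted-domain list, the function names, and the sample message (with example.net placeholder hosts) are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: a genuine Dropbox reset link stays on dropbox.com or a subdomain.
TRUSTED = ("dropbox.com",)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(raw_email):
    """Return (host, url) for every http(s) link that leaves the trusted domains."""
    collector = LinkCollector()
    for part in message_from_string(raw_email).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            collector.feed(part.get_payload(decode=True).decode(charset, "replace"))
    flagged = []
    for url in collector.hrefs:
        parts = urlsplit(url)
        if parts.scheme in ("http", "https") and not is_trusted(parts.hostname):
            flagged.append((parts.hostname, url))
    return flagged

# Constructed sample message; example.net hosts and paths are placeholders.
SAMPLE = """\
From: "Dropbox" <no-reply@example.net>
Content-Type: text/html; charset="utf-8"

<html><body><p>Your old password is now dangerous.</p>
<a href="http://lure.example.net/reset/">Reset your password</a>
<a href="https://www.dropbox.com/help">Help</a>
<a href="http://dropbox.com.example.net/login">Sign in</a></body></html>
"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

The suffix check requires a leading dot, so a lookalike host such as dropbox.com.example.net is flagged rather than matched on the substring.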