[ISN] Botnet Unleashes Variety Of New Phishing Attacks

From: InfoSec News <alerts_at_private>
Date: Tue, 20 Oct 2009 02:17:15 -0500 (CDT)
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=220700200

By Kelly Jackson Higgins
DarkReading
Oct 19, 2009

The massive Zbot botnet that spreads the treacherous Zeus banking Trojan 
has been launching a wave of relatively convincing phishing attacks 
during the past few days -- the most recent of which is a phony warning 
of a mass Conficker infection from Microsoft that comes with a free 
"cleanup tool."

The wave of attacks began early last week targeting corporations in the 
form of email messages that alerted victims of a "system upgrade." Email 
is accompanied by poisoned attachments and links; in some cases it poses 
as a message from victims' IT departments, including their actual email 
domains, and alerts them about a "security upgrade" to their email 
accounts. The message then refers victims to a link to reset their 
mailbox accounts, and the link takes them to a site that looks a lot 
like an Outlook Web Access (OWA) page (PDF), but instead infects them 
with the Zeus Trojan.

Today, researchers at F-Secure spotted the botnet spamming out 
malware-laden email that tries to trick recipients with a convincing 
lure message that says, "On October 22, 2009 server upgrade will take 
place."

"What we're seeing is an evolving campaign of different lures to see 
which one works," says Richard Wang, manager of Sophos Labs in the U.S.

The Zbot botnet, which is made up of 3.6 million PCs in the U.S., or 1 
percent of all PCs in the country, according to data from Damballa, 
spreads the deadly Zeus Trojan. Zeus, which steals users' online 
financial credentials, represents 44 percent of all financial malware 
infections today, according to Trusteer.

[...]


Received on Tue Oct 20 2009 - 00:17:15 PDT
